Re: Bug#493645: ITP: nostromo -- small, simple, fast and secure httpd

To: debian-devel@lists.debian.org
Subject: Re: Bug#493645: ITP: nostromo -- small, simple, fast and secure httpd
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 04 Aug 2008 23:36:04 +0100
Message-id: <[🔎] 1217889364.29774.16.camel@deadeye.i.decadent.org.uk>
In-reply-to: <[🔎] 20080803200951.27218.18536.reportbug@x61.webvm.net>
References: <[🔎] 20080803200951.27218.18536.reportbug@x61.webvm.net>

On Sun, 2008-08-03 at 21:09 +0100, Kai Hendry wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Kai Hendry <hendry@iki.fi>
> 
> * Package name    : nostromo
>   Version         : 1.8.6
>   Upstream Author : Marcus Glocker <marcus@nazgul.ch>
> * URL             : http://www.nazgul.ch/dev.html
> * License         : MIT
>   Programming Lang: C
>   Description     : small, simple, fast and secure httpd

"Secure"?  Even though it allows parent directory traversal?  As has
been said time and time again, Debian doesn't need yet another tiny
httpd that inevitably turns out to have such flaws.

It doesn't get URI decoding right either.

Ben.

-- 
Ben Hutchings
Nothing is ever a complete failure; it can always serve as a bad example.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: Re: Bug#493645: ITP: nostromo -- small, simple, fast and securehttpd
  - From: Franklin PIAT <fpiat@klabs.be>

References:
- Bug#493645: ITP: nostromo -- small, simple, fast and secure httpd
  - From: Kai Hendry <hendry@iki.fi>

Prev by Date: Re: Statically linking against bundled libagg
Next by Date: Bug#493794: ITP: goocanvasmm -- C++ bindings for GooCanvas
Previous by thread: Bug#493645: ITP: nostromo -- small, simple, fast and secure httpd
Next by thread: Re: Re: Bug#493645: ITP: nostromo -- small, simple, fast and securehttpd
Index(es):
- Date
- Thread