TEMP-0783007-4C0B51

Name: TEMP-0783007-4C0B51
Description: http uri parsing issue
Source: Automatically generated temporary name. Not for external reference.
Debian Bugs: 783007

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libhtp (PTS) | buster | 1:0.5.30-1 | fixed |
| | bullseye | 1:0.5.36-1 | fixed |
| | bookworm | 1:0.5.42-1 | fixed |
| | sid, trixie | 1:0.5.49-1 | fixed |
| suricata (PTS) | jessie, jessie (lts) | 2.0.7-2+deb8u5 | fixed |
| | stretch | 3.2.1-1+deb9u1 | fixed |
| | buster, buster (lts) | 1:4.1.2-2+deb10u2 | fixed |
| | bullseye | 1:6.0.1-3 | fixed |
| | bookworm | 1:6.0.10-1 | fixed |
| | sid, trixie | 1:7.0.7-1 | fixed |

The information below is based on the following data on fixed versions.

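| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libhtp | source | (unstable) | 1:0.5.25-1 | | | 783007 |
| suricata | source | squeeze | (not affected) | | | |
| suricata | source | wheezy | (not affected) | | | |
| suricata | source | (unstable) | 2.0.7-1 | | | |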

Notes

[squeeze] - libhtp <no-dsa> (Minor issue)
if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005)
[wheezy] - libhtp <no-dsa> (Unusable in wheezy, planned for removal)
[wheezy] - suricata <not-affected> (Uses system-wide libhtp)
[squeeze] - suricata <not-affected> (Uses system-wide libhtp)
https://redmine.openinfosecfoundation.org/issues/1391
https://github.com/OISF/libhtp/commit/1a6c9465fb641f81460392f622d1878d5e87fc00
Fixed in Libhtp 0.5.17 upstream
