Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: multiple vulnerabilities in thttpds htpasswd utility https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095 ------- Additional Comments From tibbs@xxxxxxxxxxx 2006-05-26 11:22 EST ------- I did some comparisons but the htpasswd.c in thttpd is so old that it doesn't resemble any of the code in the Apache versions I have around. There's one comment in the thttpd htpasswd.c that concerns me: /* Modified 29aug97 by Jef Poskanzer to accept new password on stdin, ** if stdin is a pipe or file. This is necessary for use from CGI. I don't know that the Apache htpasswd.c supports this; if not, it would have to be hacked back in. I'll attach the current Apache htpasswd.c. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
