关键信息 漏洞编号: CVE-2018-21245 漏洞描述: HTTP Request Smuggling in Pound 3.0 状态: RESOLVED FIXED 产品: Gentoo Security 组件: Vulnerabilities 重要性: Normal minor 相关链接: https://github.com/gentoo/gentoo/pull/20781 https://github.com/gentoo/gentoo/pull/21665 相关CVE: CVE-2018-21245 关键评论: 1. Sam James (2020-03-23): - Fixed in Pound 2.8, resolving potential request smuggling via fudged headers. 2. Sam James (2020-03-24): - Cannot bump to new 2.8 due to bug-674064. 3. Larry the Git Cow (2021-05-12): - Bumped to version 3.0 in commit . - Drop support for alpha, hppa, ppc, and sparc due to required dependencies. 4. Sam James (2021-06-17): - All arches done. 5. Larry the Git Cow (2021-07-15): - Closed old version in commit . 结论: The vulnerability was fixed in Pound 3.0. All necessary changes were committed to Gentoo repositories.