Accepted lighttpd 1.4.13-9ubuntu4.1 (source)

Ubuntu Installer archive at ubuntu.com
Thu Aug 9 19:55:31 BST 2007


Accepted:
 OK: lighttpd_1.4.13.orig.tar.gz
 OK: lighttpd_1.4.13-9ubuntu4.1.diff.gz
 OK: lighttpd_1.4.13-9ubuntu4.1.dsc
     -> Component: universe Section: web

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 08 Aug 2007 11:37:59 +0200
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source
Version: 1.4.13-9ubuntu4.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Aron Sisak <aron at ubuntu.hu>
Description: 
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Changes: 
 lighttpd (1.4.13-9ubuntu4.1) feisty-security; urgency=low
 .
   * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
     various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
     (LP:#127718)
   * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
     - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
       - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
       - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
   * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
     - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
       - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
         http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
         http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
         http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
       - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
   * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
     - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
       - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
       - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
   * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
     - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
       - Description: http://secunia.com/cve_reference/CVE-2007-3948/
       - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
   * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
     - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
       - Description: http://secunia.com/cve_reference/CVE-2007-3950/
       - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
   * References:
     - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
     - External references: http://secunia.com/advisories/26130/
Files: 
 45935c35357fcfc65e247f9705346a95 1239 web optional lighttpd_1.4.13-9ubuntu4.1.dsc
 85f8833eb3c5fc3bda48933e1caf3764 40014 web optional lighttpd_1.4.13-9ubuntu4.1.diff.gz
Original-Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGuywhH/9LqRcGPm0RAmf9AKCd8Xt3hrClgO9/1oBOsjbCktxtLACfS/go
uYHdO1qS3jEm/dXlRYUbs+E=
=Qux0
-----END PGP SIGNATURE-----





More information about the feisty-changes mailing list