Accepted lighttpd 1.4.13-9ubuntu4.2 (source)
Ubuntu Installer
archive at ubuntu.com
Tue Sep 11 18:55:24 BST 2007
Accepted:
OK: lighttpd_1.4.13.orig.tar.gz
OK: lighttpd_1.4.13-9ubuntu4.2.diff.gz
OK: lighttpd_1.4.13-9ubuntu4.2.dsc
-> Component: universe Section: web
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 10 Sep 2007 14:57:39 -0400
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source
Version: 1.4.13-9ubuntu4.2
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Changes:
lighttpd (1.4.13-9ubuntu4.2) feisty-security; urgency=low
.
* SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727
Files:
9a5f87bea8b0bf08f43965c4acb5458f 1239 web optional lighttpd_1.4.13-9ubuntu4.2.dsc
92c5e1850764a2a4256375b66894c78f 44320 web optional lighttpd_1.4.13-9ubuntu4.2.diff.gz
Original-Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG5rrrH/9LqRcGPm0RAn3kAJ9ndz6DlEOECJxQ1P0Zd3BAiy3b5gCfTLXY
VILwEDDj+7Hjsr79yMk+nw0=
=n92s
-----END PGP SIGNATURE-----
More information about the feisty-changes
mailing list