Accepted: lighttpd 1.4.18-1ubuntu6 (source)
Emanuele Gentili
emgent at emanuele-gentili.com
Tue Mar 11 13:45:19 GMT 2008
Accepted:
OK: lighttpd_1.4.18.orig.tar.gz
OK: lighttpd_1.4.18-1ubuntu6.diff.gz
OK: lighttpd_1.4.18-1ubuntu6.dsc
-> Component: universe Section: web
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 11 Mar 2008 14:16:48 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav
Architecture: source
Version: 1.4.18-1ubuntu6
Distribution: hardy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Launchpad-Bugs-Fixed: 200987
Changes:
 lighttpd (1.4.18-1ubuntu6) hardy; urgency=low
 .
   * SECURITY UPDATE: (LP: #200987)
     + debian/patches/91_CVE-2008-1270.dpatch
       - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
         uses a default of $HOME, which might allow remote attackers to read arbitrary
         files, as demonstrated by accessing the ~nobody directory.
   * References
     + CVE-2008-1270
     + http://trac.lighttpd.net/trac/ticket/1587
     + http://trac.lighttpd.net/trac/changeset/2120
Files:
 40ff66a9da8a49a7568f5358d2c01c19 1463 web optional lighttpd_1.4.18-1ubuntu6.dsc
 bd93a61348dbedba55cac92cd09978d1 22384 web optional lighttpd_1.4.18-1ubuntu6.diff.gz
Original-Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers at lists.alioth.debian.org>