[ubuntu/trusty-proposed] lighttpd 1.4.33-1+nmu2ubuntu1 (Accepted)

Wed Dec 18 07:39:14 UTC 2013

lighttpd (1.4.33-1+nmu2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/index.html: corrected BTS Ubuntu link for lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake (>=1.14), libtool.
      + debian/lighttpd-dev.install: Added.
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.

lighttpd (1.4.33-1+nmu2) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).

lighttpd (1.4.33-1+nmu1) unstable; urgency=high

  * Non-maintainer upload by the Security Team (closes: #729453).
  * Fix cve-2013-4508: ssl cipher suites issue.
  * Fix cve-2013-4559: setuid privilege escalation issue.
  * Fix cve-2013-4560: use-after-free in fam.

Date: Wed, 18 Dec 2013 14:30:01 +0700
Changed-By: Mahyuddin Susanto <udienz at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/lighttpd/1.4.33-1+nmu2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 18 Dec 2013 14:30:01 +0700
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav lighttpd-dev
Architecture: source
Version: 1.4.33-1+nmu2ubuntu1
Distribution: trusty
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mahyuddin Susanto <udienz at ubuntu.com>
Description: 
 lighttpd   - fast webserver with minimal memory footprint
 lighttpd-dev - Development files for lighttpd
 lighttpd-doc - documentation for lighttpd
 lighttpd-mod-cml - cache meta language module for lighttpd
 lighttpd-mod-magnet - control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 729453 729480
Changes: 
 lighttpd (1.4.33-1+nmu2ubuntu1) trusty; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - debian/index.html: corrected BTS Ubuntu link for lighttpd.
     - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
     - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
       failure to bind port in ipv4.
     - Add lighttpd-dev package:
       + debian/control: Added lighttpd-dev package; Build-depends on
         automake (>=1.14), libtool.
       + debian/lighttpd-dev.install: Added.
     - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
     - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
       start before apache2 but in the same runlevel with the same priority.
     - Added a UFW profile set:
       + debian/lighttpd.dirs: added etc/ufw/applications.d
       + debian/rules: install the ufw profile.
       + debian/control: Suggests on ufw.
 .
 lighttpd (1.4.33-1+nmu2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
 .
 lighttpd (1.4.33-1+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team (closes: #729453).
   * Fix cve-2013-4508: ssl cipher suites issue.
   * Fix cve-2013-4559: setuid privilege escalation issue.
   * Fix cve-2013-4560: use-after-free in fam.
Checksums-Sha1: 
 96842f92087b1f45d587a733f763f752330c70b4 2904 lighttpd_1.4.33-1+nmu2ubuntu1.dsc
 e9c28a3507960c02dce76454b6f07ea4619d1297 39159 lighttpd_1.4.33-1+nmu2ubuntu1.debian.tar.gz
Checksums-Sha256: 
 e5950132e65f513819382e84de21ff83fc5f6b8ba6ba8477343f1e2b0430f0eb 2904 lighttpd_1.4.33-1+nmu2ubuntu1.dsc
 7809e93b9d92359495c2861513ae2d2fbb351b6369b2a66415444f797d5fd59b 39159 lighttpd_1.4.33-1+nmu2ubuntu1.debian.tar.gz
Files: 
 53b7a74c951e9195039d685dc4597e9b 2904 httpd optional lighttpd_1.4.33-1+nmu2ubuntu1.dsc
 b41a10c31b1d97a6fa9623d47585a890 39159 httpd optional lighttpd_1.4.33-1+nmu2ubuntu1.debian.tar.gz
Original-Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSsU9ZAAoJELmHbrCQs2xbBEIP/0cuAE0+XbsrVuaci0fi5wL5
wkqjoczkbEcRT6OUnMTWLNdPRdfhdS8SmsQq3wE3rocnyT/aC8AEeKubujxXPJ7a
HDu3Fv+5XJvOUmV2Wg3jcQiZRKO9Q0uZhZ/mpThrYK9gjfD0zGV5dS/wqOU2Reki
1JiCc/KxvLHK8hkwBJ1VE4GQbuiKIx6t0D/IHf47o84v3H60HAyBy75s4CR+pCPK
q8EUTfdMPKyjrW1yOmDJHaLsaZooOc2YjhAtGhkK14PcsSXSX59df7P7c2cFO3ip
RUaI/pDAdcrJ7vEWApsb82GbhZPLmWxTcncNXU/xDZZ0AHc9QuMiB5HMVIUQW8Bi
MPaDs77xUGYuTceeFPvwRuCMyk04zjs0z9e7Nr2jY7ApyMkY/iY0KHrG6brZWdYT
SY8++DsU/vTDJ9ZCEIistIMHc15kZmdgutIWMuXNRJxH+rByfV0lswwRKG1EWPtc
rgTHPpgpdZTUDfZmD4ztgjPzAoncLx/XLsfzBRNgmbtHDouihUrs4wtTJZCdUy2o
B9/i/riPpQeo7IBqh2wTzAG/Ii1ZDEbgtM7Ynk0GR8lwEYdBjfOEIKe2YeTVpDu+
OjvXeUzZHglrxRkcfcW/tnHJ0+/aY2rERWBIEaox0WevhxG/gYbiOaqrm91+fOvw
7Kff4025cIIaKayoncFf
=85N0
-----END PGP SIGNATURE-----