Ubuntu
lighttpd package

2 new security fixes in 1.4.14

Bug #106416 reported by Lukas Fittl
254
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Fix Released
Medium
Lukas Fittl
Nominated for Dapper by Lukas Fittl
Nominated for Edgy by Lukas Fittl

Bug Description

Binary package hint: lighttpd

The new lighttpd release 1.4.14 (and the hotfix release 1.4.15), contains two security fixes:

Remote DOS in CRLF parsing (http://lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt)
DOS with files with mtime 0 (http://lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt)

Please update the Ubuntu packages!

Related branches

lp:ubuntu/karmic/lighttpd

CVE References

Revision history for this message
Lukas Fittl (lfittl) wrote :
Revision history for this message
Lukas Fittl (lfittl) wrote :
Lukas Fittl (lfittl)
Changed in lighttpd:
assignee: nobody → lfittl
importance: Undecided → Medium
status: Unconfirmed → In Progress
Revision history for this message
Lukas Fittl (lfittl) wrote :

Fix uploaded for feisty, {dapper,edgy}-security still without security fixes.

Changed in lighttpd:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.