View Git repositories
Name Status Last Modified Last Commit
lp:ubuntu/wily/lighttpd 1 Development 2015-05-06 09:49:33 UTC
66. * Merge from Debian unstable. Remain...

Author: Artur Rona
Revision Date: 2015-01-26 02:36:43 UTC

* Merge from Debian unstable. Remaining changes:
  - debian/patches/add-lighttpd.pc-configure.patch:
    + Add lighttpd.pc to ac_config_files to fix FTBFS: make[3]:
      *** No rule to make target `lighttpd.pc', needed by `all-am'.
  - debian/patches/build-dev-package.patch,
    debian/control, debian/lighttpd-dev.install:
    + Add lighttpd-dev package.
  - debian/index.html:
    + Corrected BTS Ubuntu link and branding on the default page.
  - debian/lighttpd.conf:
    + Comment 'use-ipv6.pl' by default, which causes failure
      to bind port in ipv4.
  - debian/control:
    + Build-Depends on libgamin-dev rather than libfam-dev
      to fix startup warning.
  - debian/rules:
    + Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with
      the same priority.
  - debian/lighttpd.dirs, debian/control, debian/rules,
    debian/lighttpd.ufw.profile:
    + Add the UFW profile.

lp:ubuntu/vivid/lighttpd 2 Mature 2015-01-26 02:01:35 UTC
66. * Merge from Debian unstable. Remain...

Author: Artur Rona
Revision Date: 2015-01-26 02:36:43 UTC

* Merge from Debian unstable. Remaining changes:
  - debian/patches/add-lighttpd.pc-configure.patch:
    + Add lighttpd.pc to ac_config_files to fix FTBFS: make[3]:
      *** No rule to make target `lighttpd.pc', needed by `all-am'.
  - debian/patches/build-dev-package.patch,
    debian/control, debian/lighttpd-dev.install:
    + Add lighttpd-dev package.
  - debian/index.html:
    + Corrected BTS Ubuntu link and branding on the default page.
  - debian/lighttpd.conf:
    + Comment 'use-ipv6.pl' by default, which causes failure
      to bind port in ipv4.
  - debian/control:
    + Build-Depends on libgamin-dev rather than libfam-dev
      to fix startup warning.
  - debian/rules:
    + Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with
      the same priority.
  - debian/lighttpd.dirs, debian/control, debian/rules,
    debian/lighttpd.ufw.profile:
    + Add the UFW profile.

lp:ubuntu/vivid-proposed/lighttpd 1 Development 2015-01-26 02:01:35 UTC
66. * Merge from Debian unstable. Remain...

Author: Artur Rona
Revision Date: 2015-01-26 02:36:43 UTC

* Merge from Debian unstable. Remaining changes:
  - debian/patches/add-lighttpd.pc-configure.patch:
    + Add lighttpd.pc to ac_config_files to fix FTBFS: make[3]:
      *** No rule to make target `lighttpd.pc', needed by `all-am'.
  - debian/patches/build-dev-package.patch,
    debian/control, debian/lighttpd-dev.install:
    + Add lighttpd-dev package.
  - debian/index.html:
    + Corrected BTS Ubuntu link and branding on the default page.
  - debian/lighttpd.conf:
    + Comment 'use-ipv6.pl' by default, which causes failure
      to bind port in ipv4.
  - debian/control:
    + Build-Depends on libgamin-dev rather than libfam-dev
      to fix startup warning.
  - debian/rules:
    + Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with
      the same priority.
  - debian/lighttpd.dirs, debian/control, debian/rules,
    debian/lighttpd.ufw.profile:
    + Add the UFW profile.

lp:ubuntu/utopic/lighttpd 2 Mature 2014-04-26 10:42:31 UTC
65. * Use dh-autoreconf to regenerate aut...

Author: Andreas Moog
Revision Date: 2014-01-28 18:08:02 UTC

* Use dh-autoreconf to regenerate autotools files, fixes FTBFS with
  automake 1.14.1 (Closes: #726934)
* Add lighttpd.pc to ac_config_files to fix FTBFS:
  make[3]: *** No rule to make target `lighttpd.pc', needed by `all-am'.

lp:ubuntu/precise/lighttpd bug 2 Mature 2014-04-02 12:46:48 UTC
59. * debian/patches/CVE-2011-4362.patch:...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:28 UTC

* debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
  src/http_auth.c:67 (LP: #906792)
  - CVE-2011-4362

lp:ubuntu/trusty-proposed/lighttpd bug 2 Mature 2014-01-28 17:21:07 UTC
65. * Use dh-autoreconf to regenerate aut...

Author: Andreas Moog
Revision Date: 2014-01-28 18:08:02 UTC

* Use dh-autoreconf to regenerate autotools files, fixes FTBFS with
  automake 1.14.1 (Closes: #726934)
* Add lighttpd.pc to ac_config_files to fix FTBFS:
  make[3]: *** No rule to make target `lighttpd.pc', needed by `all-am'.

lp:ubuntu/trusty/lighttpd 1 Development 2014-01-28 17:21:07 UTC
65. * Use dh-autoreconf to regenerate aut...

Author: Andreas Moog
Revision Date: 2014-01-28 18:08:02 UTC

* Use dh-autoreconf to regenerate autotools files, fixes FTBFS with
  automake 1.14.1 (Closes: #726934)
* Add lighttpd.pc to ac_config_files to fix FTBFS:
  make[3]: *** No rule to make target `lighttpd.pc', needed by `all-am'.

lp:ubuntu/saucy-proposed/lighttpd 2 Mature 2013-10-15 10:55:31 UTC
62. Use the autotools-dev dh addon to upd...

Author: Colin Watson
Revision Date: 2013-10-15 11:01:00 UTC

Use the autotools-dev dh addon to update config.guess/config.sub for
arm64.

lp:ubuntu/saucy/lighttpd 1 Development 2013-10-15 10:55:31 UTC
62. Use the autotools-dev dh addon to upd...

Author: Colin Watson
Revision Date: 2013-10-15 11:01:00 UTC

Use the autotools-dev dh addon to update config.guess/config.sub for
arm64.

lp:ubuntu/raring/lighttpd 2 Mature 2013-03-25 11:55:53 UTC
61. * Import change from debian version 1...

Author: Lorenzo De Liso
Revision Date: 2013-03-25 11:55:53 UTC

* Import change from debian version 1.4.31-4:
  - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
    is world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.

lp:ubuntu/raring-proposed/lighttpd 1 Development 2013-03-25 11:55:53 UTC
61. * Import change from debian version 1...

Author: Lorenzo De Liso
Revision Date: 2013-03-25 11:55:53 UTC

* Import change from debian version 1.4.31-4:
  - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
    is world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.

lp:ubuntu/quantal/lighttpd 2 Mature 2012-04-26 17:20:27 UTC
59. * debian/patches/CVE-2011-4362.patch:...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:28 UTC

* debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
  src/http_auth.c:67 (LP: #906792)
  - CVE-2011-4362

lp:ubuntu/oneiric-updates/lighttpd 2 Mature 2011-12-20 16:37:11 UTC
58. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:32 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/natty-updates/lighttpd 2 Mature 2011-12-20 16:37:04 UTC
57. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:23 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/maverick-updates/lighttpd 2 Mature 2011-12-20 16:36:56 UTC
55. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:26 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/lucid-updates/lighttpd 2 Mature 2011-12-20 16:36:48 UTC
53. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:30 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/oneiric-security/lighttpd bug 2 Mature 2011-12-20 16:29:32 UTC
58. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:32 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/lucid-security/lighttpd bug 2 Mature 2011-12-20 16:29:30 UTC
53. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:30 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/maverick-security/lighttpd bug 2 Mature 2011-12-20 16:29:26 UTC
55. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:26 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/natty-security/lighttpd bug 2 Mature 2011-12-20 16:29:23 UTC
57. * SECURITY UPDATE: Fix DoS because of...

Author: Mahyuddin Susanto
Revision Date: 2011-12-20 16:29:23 UTC

* SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
  (LP: #906792)
  - debian/patches/CVE-2011-4362.patch: patch derived from upstream
  - CVE-2011-4362

lp:ubuntu/oneiric/lighttpd 2 Mature 2011-08-20 21:08:28 UTC
57. No-change rebuild for openssl0.9.8 ->...

Author: Ilya Barygin
Revision Date: 2011-08-20 21:08:28 UTC

No-change rebuild for openssl0.9.8 -> openssl1.0.0 transition.

lp:ubuntu/natty/lighttpd bug 2 Mature 2010-11-21 07:14:27 UTC
56. * Merge from debian unstable. Remaini...

Author: Bhavani Shankar
Revision Date: 2010-11-21 07:14:27 UTC

* Merge from debian unstable. Remaining changes:
  - debian/control:
    + libgamin-dev rather than libfam-dev to fix startup warning.
    + debhelper Build-depends bumped to (>= 7.0.50) for
      overrides in rules file.
  - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
  - Added a UFW profile set:
    + debian/lighttpd.dirs: added etc/ufw/applications.d
    + debian/rules: install the ufw profile.
    + debian/control: Suggests on ufw.
  - Add lighttpd-dev package:
    + debian/control: Added lighttpd-dev package; Build-depends on
      automake, libtool
    + debian/lighttpd-dev.install: Added.
  - debian/rules:
    + Add override_dh_installinit to set "defaults 91 09" to not start
      before apache2 but in the same runlevel with the same priority.
  - debian/patches/build-dev-package.patch: Updated
  - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
    failure to bind port in ipv4 (LP: #551211)

lp:ubuntu/maverick/lighttpd bug 2 Mature 2010-09-01 03:19:09 UTC
54. syntax_check function defined in init...

Author: David Sugar
Revision Date: 2010-07-15 17:50:35 UTC

syntax_check function defined in init script. (LP: #600767)

lp:ubuntu/lucid/lighttpd bug 1 Development 2010-09-01 03:18:42 UTC
52. debian/control: Rebuild for libmysqlc...

Author: Chuck Short
Revision Date: 2010-04-06 06:12:07 UTC

debian/control: Rebuild for libmysqlclient transition.

lp:ubuntu/jaunty/lighttpd 2 Mature 2009-12-18 13:16:08 UTC
45. * debian/index.html: do not point to ...

Author: Daniel Hahler
Revision Date: 2009-03-17 22:36:05 UTC

* debian/index.html: do not point to edge.launchpad.net
  (LP: #302845)
* Fix documentation reference to virtual hosting by referring
  to mod_simple_vhost (LP: #247271)
  - debian/patches/fix-conf-doc.patch

lp:ubuntu/intrepid/lighttpd 2 Mature 2009-12-18 13:15:53 UTC
38. * debian/control: Depend on lsb >= 3....

Author: Andres Rodriguez
Revision Date: 2008-07-25 11:47:48 UTC

* debian/control: Depend on lsb >= 3.2-14, which has the
  status_of_proc() function.
* debian/init.d: Add the 'status' action (LP: #251924).

lp:ubuntu/hardy/lighttpd 2 Mature 2009-12-18 13:15:02 UTC
36. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-06 00:09:12 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/92_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/gutsy/lighttpd 1 Development 2009-12-18 13:14:16 UTC
28. * Merge from Debian unstable, remaini...

Author: Soren Hansen
Revision Date: 2007-09-12 14:02:31 UTC

* Merge from Debian unstable, remaining changes:
  - Update maintainer field in debian/control.
  - Build against libgamin-dev rather than libfam-dev (fixes a warning
    during startup)
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.

lp:ubuntu/feisty/lighttpd 1 Development 2009-12-18 13:13:50 UTC
21. * Added LDAP connection leak fix from...

Author: Lukas Fittl
Revision Date: 2007-04-14 05:26:10 UTC

* Added LDAP connection leak fix from Debian (Bug: #413917)
  - debian/patches/03_ldap_leak_bugfix.dpatch
* Added security fixes from 1.4.14 (Closes LP: #106416)
  - Remote DOS in CRLF parsing (CVE-2007-1869)
     debian/patches/04_security_crlf_parsing_dos.dpatch
  - DOS with files with mtime 0 (CVE-2007-1870)
     debian/patches/05_security_zero_mtime_crash.dpatch

lp:ubuntu/edgy/lighttpd 1 Development 2009-12-18 13:13:33 UTC
13. * Merge from Debian unstable (Closes:...

Author: Lukas Fittl
Revision Date: 2006-10-10 13:57:38 UTC

* Merge from Debian unstable (Closes: Malone #64900). Remaining changes:
  - Add an additional dependency on libterm-readline-perl-perl
    (Malone #43895)

lp:ubuntu/dapper/lighttpd 2 Mature 2009-12-18 13:13:00 UTC
10. * debian/control + Added depends on...

Author: Chuck Short
Revision Date: 2006-05-10 18:11:24 UTC

* debian/control
  + Added depends on libterm-readline-perl-perl. (Closes: Malone #43895)

lp:ubuntu/karmic/lighttpd bug 1 Development 2009-10-10 00:08:19 UTC
49. Fix FTBFS, replaced automake with aut...

Author: João Pinto
Revision Date: 2009-10-10 00:08:19 UTC

Fix FTBFS, replaced automake with automake1.10 on Build-Depends
(LP #447672)

lp:ubuntu/hardy-security/lighttpd bug 2 Mature 2009-08-15 03:23:13 UTC
37. * SECURITY UPDATE: (LP: #279490) + d...

Author: Marcin Gibula
Revision Date: 2009-03-04 13:42:05 UTC

* SECURITY UPDATE: (LP: #279490)
 + debian/patches/93_CVE-2008-4298.dpatch
  - Fix memory leak in request header handling
 + debian/patches/95_CVE-2008-4360.dpatch
  - Fix mod_userdir information disclosure
* References
 + https://bugs.launchpad.net/bugs/cve/2008-4298
 + https://bugs.launchpad.net/bugs/cve/2008-4360

lp:ubuntu/gutsy-updates/lighttpd bug 1 Development 2009-08-15 03:22:22 UTC
32. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-06 03:39:14 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/hardy-updates/lighttpd 2 Mature 2009-08-15 03:21:43 UTC
37. * SECURITY UPDATE: (LP: #279490) + d...

Author: Marcin Gibula
Revision Date: 2009-03-04 13:42:05 UTC

* SECURITY UPDATE: (LP: #279490)
 + debian/patches/93_CVE-2008-4298.dpatch
  - Fix memory leak in request header handling
 + debian/patches/95_CVE-2008-4360.dpatch
  - Fix mod_userdir information disclosure
* References
 + https://bugs.launchpad.net/bugs/cve/2008-4298
 + https://bugs.launchpad.net/bugs/cve/2008-4360

lp:ubuntu/feisty-security/lighttpd bug 1 Development 2009-08-15 03:21:22 UTC
27. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-06 23:55:30 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/edgy-security/lighttpd bug 1 Development 2009-08-15 03:21:12 UTC
20. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-07 19:45:59 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/gutsy-security/lighttpd 1 Development 2009-08-15 03:20:41 UTC
32. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-06 03:39:14 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/feisty-updates/lighttpd 1 Development 2009-08-15 03:20:05 UTC
27. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-06 23:55:30 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/dapper-security/lighttpd bug 2 Mature 2009-08-15 03:19:29 UTC
16. * SECURITY UPDATE: (LP: #200987) + d...

Author: Emanuele Gentili
Revision Date: 2008-03-11 15:03:17 UTC

* SECURITY UPDATE: (LP: #200987)
 + debian/patches/91_CVE-2008-1270.dpatch
  - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
    uses a default of $HOME, which might allow remote attackers to read arbitrary
    files, as demonstrated by accessing the ~nobody directory.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
 + http://trac.lighttpd.net/trac/ticket/1587
 + http://trac.lighttpd.net/trac/changeset/2120

lp:ubuntu/edgy-updates/lighttpd 1 Development 2009-08-15 03:19:17 UTC
20. * SECURITY UPDATE: (LP: #209627) + d...

Author: Emanuele Gentili
Revision Date: 2008-04-07 19:45:59 UTC

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

lp:ubuntu/dapper-updates/lighttpd 2 Mature 2009-08-15 03:18:29 UTC
16. * SECURITY UPDATE: (LP: #200987) + d...

Author: Emanuele Gentili
Revision Date: 2008-03-11 15:03:17 UTC

* SECURITY UPDATE: (LP: #200987)
 + debian/patches/91_CVE-2008-1270.dpatch
  - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
    uses a default of $HOME, which might allow remote attackers to read arbitrary
    files, as demonstrated by accessing the ~nobody directory.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
 + http://trac.lighttpd.net/trac/ticket/1587
 + http://trac.lighttpd.net/trac/changeset/2120

lp:ubuntu/dapper-proposed/lighttpd 2 Mature 2009-08-15 03:18:09 UTC
12. * Added relevant security fix from 1....

Author: Scott Kitterman
Revision Date: 2007-04-24 12:04:01 UTC

* Added relevant security fix from 1.4.14 (Closes LP: #107628)
  - DOS with files with mtime 0 (CVE-2007-1870)
     security_zero_mtime_crash

143 of 43 results