Author: Colin Watson
Author Date: 2013-10-15 10:01:00 UTC

Import patches-applied version 1.4.31-3ubuntu3 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: aea6e28327c67ba218c163111a2f7caf7855216f
Unapplied parent: f4106f23b4f205123558d0d2768d3364051cc22d

New changelog entries:
  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.

Author: Colin Watson
Author Date: 2013-10-15 10:01:00 UTC

Import patches-applied version 1.4.31-3ubuntu3 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: aea6e28327c67ba218c163111a2f7caf7855216f
Unapplied parent: f4106f23b4f205123558d0d2768d3364051cc22d

New changelog entries:
  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.

Author: Colin Watson
Author Date: 2013-10-15 10:01:00 UTC

Import patches-applied version 1.4.31-3ubuntu3 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: aea6e28327c67ba218c163111a2f7caf7855216f
Unapplied parent: f4106f23b4f205123558d0d2768d3364051cc22d

New changelog entries:
  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.

Author: Colin Watson
Author Date: 2013-10-15 10:01:00 UTC

Import patches-unapplied version 1.4.31-3ubuntu3 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 4553f9e3adddb49938d02d155851f29a828ff447

New changelog entries:
  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.

Author: Colin Watson
Author Date: 2013-10-15 10:01:00 UTC

Import patches-unapplied version 1.4.31-3ubuntu3 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 4553f9e3adddb49938d02d155851f29a828ff447

New changelog entries:
  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.

Author: Colin Watson
Author Date: 2013-10-15 10:01:00 UTC

Import patches-unapplied version 1.4.31-3ubuntu3 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 4553f9e3adddb49938d02d155851f29a828ff447

New changelog entries:
  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.

Author: Lorenzo De Liso
Author Date: 2013-03-25 10:55:53 UTC

Import patches-applied version 1.4.31-3ubuntu2 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 18a76f6f601a9c6ba887b8f6169a767968122ba2
Unapplied parent: db427ee9dc2aca66ab68f134acee6b30503a6afc

New changelog entries:
  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

Author: Lorenzo De Liso
Author Date: 2013-03-25 10:55:53 UTC

Import patches-applied version 1.4.31-3ubuntu2 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 18a76f6f601a9c6ba887b8f6169a767968122ba2
Unapplied parent: db427ee9dc2aca66ab68f134acee6b30503a6afc

New changelog entries:
  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

Author: Lorenzo De Liso
Author Date: 2013-03-25 10:55:53 UTC

Import patches-unapplied version 1.4.31-3ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: e915070906c7cda54a3a8cedde4c98726658e319

New changelog entries:
  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

Author: Lorenzo De Liso
Author Date: 2013-03-25 10:55:53 UTC

Import patches-unapplied version 1.4.31-3ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: e915070906c7cda54a3a8cedde4c98726658e319

New changelog entries:
  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

Author: Lorenzo De Liso
Author Date: 2013-03-25 10:55:53 UTC

Import patches-unapplied version 1.4.31-3ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: e915070906c7cda54a3a8cedde4c98726658e319

New changelog entries:
  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

Author: Lorenzo De Liso
Author Date: 2013-03-25 10:55:53 UTC

Import patches-applied version 1.4.31-3ubuntu2 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 18a76f6f601a9c6ba887b8f6169a767968122ba2
Unapplied parent: db427ee9dc2aca66ab68f134acee6b30503a6afc

New changelog entries:
  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

Author: Arno Töll
Author Date: 2011-12-18 22:41:49 UTC

Import patches-unapplied version 1.4.19-5+lenny3 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: 09199fa491a04b8607c264a804735476ee21be25

New changelog entries:
  * Backport security issues from 1.4.30:
    + Fix integer overflow (CVE-2011-4362)
    + Fix attack vector as disclosed by the SSL BEAST attack (related:
      CVE-2011-3389). Note: If you are upgrading from an older version you need
      to change your configuration to mitigate effects of the attack. See the
      corresponding NEWS file for details.

Author: Arno Töll
Author Date: 2011-12-18 22:41:49 UTC

Import patches-applied version 1.4.19-5+lenny3 to applied/debian/lenny

Imported using git-ubuntu import.

Changelog parent: bd65de9d97a8d5fc183af71be8acddce6a2cb244
Unapplied parent: 3d0af40b8b94ebe48b77fe80f0b544e4fa43dee7

New changelog entries:
  * Backport security issues from 1.4.30:
    + Fix integer overflow (CVE-2011-4362)
    + Fix attack vector as disclosed by the SSL BEAST attack (related:
      CVE-2011-3389). Note: If you are upgrading from an older version you need
      to change your configuration to mitigate effects of the attack. See the
      corresponding NEWS file for details.

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:35:38 UTC

Import patches-applied version 1.4.26-3ubuntu2.1 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 8fde992534d3f5d52cfcc6d6cb129db51cb8d004
Unapplied parent: 7f1ae8b0cebb79ded9bb70235a1d97f185c968ec

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:39 UTC

Import patches-applied version 1.4.28-2ubuntu2.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 482c6fcd41c962328ada62b17d73eb13a53011a9
Unapplied parent: 70bb541a6e982c56569daf768256dfa5a97bb41b

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:39 UTC

Import patches-applied version 1.4.28-2ubuntu2.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 482c6fcd41c962328ada62b17d73eb13a53011a9
Unapplied parent: 70bb541a6e982c56569daf768256dfa5a97bb41b

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:09 UTC

Import patches-applied version 1.4.28-2ubuntu1.1 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: cfe3c9054b7604b9cc9ab7811e6d20be225bdbf0
Unapplied parent: 78305c189a895755a84d8f7fb8f3f2314d9c3a11

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:09 UTC

Import patches-applied version 1.4.28-2ubuntu1.1 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: cfe3c9054b7604b9cc9ab7811e6d20be225bdbf0
Unapplied parent: 78305c189a895755a84d8f7fb8f3f2314d9c3a11

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:09 UTC

Import patches-applied version 1.4.28-2ubuntu1.1 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: cfe3c9054b7604b9cc9ab7811e6d20be225bdbf0
Unapplied parent: 78305c189a895755a84d8f7fb8f3f2314d9c3a11

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:35:38 UTC

Import patches-applied version 1.4.26-3ubuntu2.1 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 8fde992534d3f5d52cfcc6d6cb129db51cb8d004
Unapplied parent: 7f1ae8b0cebb79ded9bb70235a1d97f185c968ec

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:35:38 UTC

Import patches-applied version 1.4.26-3ubuntu2.1 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 8fde992534d3f5d52cfcc6d6cb129db51cb8d004
Unapplied parent: 7f1ae8b0cebb79ded9bb70235a1d97f185c968ec

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:39 UTC

Import patches-applied version 1.4.28-2ubuntu2.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 482c6fcd41c962328ada62b17d73eb13a53011a9
Unapplied parent: 70bb541a6e982c56569daf768256dfa5a97bb41b

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:34:44 UTC

Import patches-applied version 1.4.26-1.1ubuntu3.1 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a33f89c627c008cb6ddde4ba0943886341409fda
Unapplied parent: aa86f097acfaef5440c97bfb386ae503478c7f5f

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:34:44 UTC

Import patches-applied version 1.4.26-1.1ubuntu3.1 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a33f89c627c008cb6ddde4ba0943886341409fda
Unapplied parent: aa86f097acfaef5440c97bfb386ae503478c7f5f

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:34:44 UTC

Import patches-applied version 1.4.26-1.1ubuntu3.1 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a33f89c627c008cb6ddde4ba0943886341409fda
Unapplied parent: aa86f097acfaef5440c97bfb386ae503478c7f5f

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:34:44 UTC

Import patches-unapplied version 1.4.26-1.1ubuntu3.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 01d9b94158f885e54ccaa473ec5901919e0054d1

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:34:44 UTC

Import patches-unapplied version 1.4.26-1.1ubuntu3.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 01d9b94158f885e54ccaa473ec5901919e0054d1

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:34:44 UTC

Import patches-unapplied version 1.4.26-1.1ubuntu3.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 01d9b94158f885e54ccaa473ec5901919e0054d1

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:35:38 UTC

Import patches-unapplied version 1.4.26-3ubuntu2.1 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: c69f06e438060e19ef097b54c14639af99ebafe0

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:35:38 UTC

Import patches-unapplied version 1.4.26-3ubuntu2.1 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: c69f06e438060e19ef097b54c14639af99ebafe0

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:35:38 UTC

Import patches-unapplied version 1.4.26-3ubuntu2.1 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: c69f06e438060e19ef097b54c14639af99ebafe0

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:09 UTC

Import patches-unapplied version 1.4.28-2ubuntu1.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 407b1edbac7a757ee209f8e44fc43d6e87997dca

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:09 UTC

Import patches-unapplied version 1.4.28-2ubuntu1.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 407b1edbac7a757ee209f8e44fc43d6e87997dca

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:09 UTC

Import patches-unapplied version 1.4.28-2ubuntu1.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 407b1edbac7a757ee209f8e44fc43d6e87997dca

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:39 UTC

Import patches-unapplied version 1.4.28-2ubuntu2.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: fad823b0df6134eaa86dd9e4f61a6cd381e5ffea

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:39 UTC

Import patches-unapplied version 1.4.28-2ubuntu2.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: fad823b0df6134eaa86dd9e4f61a6cd381e5ffea

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:36:39 UTC

Import patches-unapplied version 1.4.28-2ubuntu2.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: fad823b0df6134eaa86dd9e4f61a6cd381e5ffea

New changelog entries:
  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-applied version 1.4.28-2ubuntu4 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: dcb26d0c200c286f2330eb7e9eb8d84075a29711
Unapplied parent: 2243d2d749b845dc3d6cf984450182b193e44f39

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-applied version 1.4.28-2ubuntu4 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: dcb26d0c200c286f2330eb7e9eb8d84075a29711
Unapplied parent: 2243d2d749b845dc3d6cf984450182b193e44f39

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-applied version 1.4.28-2ubuntu4 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: dcb26d0c200c286f2330eb7e9eb8d84075a29711
Unapplied parent: 2243d2d749b845dc3d6cf984450182b193e44f39

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-unapplied version 1.4.28-2ubuntu4 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: c916bfae9e1a703a44398889ba02efd350ebb749

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-unapplied version 1.4.28-2ubuntu4 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: c916bfae9e1a703a44398889ba02efd350ebb749

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-unapplied version 1.4.28-2ubuntu4 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: c916bfae9e1a703a44398889ba02efd350ebb749

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-unapplied version 1.4.28-2ubuntu4 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: c916bfae9e1a703a44398889ba02efd350ebb749

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Mahyuddin Susanto
Author Date: 2011-12-20 10:32:22 UTC

Import patches-applied version 1.4.28-2ubuntu4 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: dcb26d0c200c286f2330eb7e9eb8d84075a29711
Unapplied parent: 2243d2d749b845dc3d6cf984450182b193e44f39

New changelog entries:
  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362

Author: Ilya Barygin
Author Date: 2011-08-20 20:26:14 UTC

Import patches-unapplied version 1.4.28-2ubuntu2 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 407b1edbac7a757ee209f8e44fc43d6e87997dca

New changelog entries:
  * No-change rebuild for openssl0.9.8 -> openssl1.0.0 transition.

Author: Ilya Barygin
Author Date: 2011-08-20 20:26:14 UTC

Import patches-applied version 1.4.28-2ubuntu2 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: cfe3c9054b7604b9cc9ab7811e6d20be225bdbf0
Unapplied parent: 78f682de95f70f62679d44c9a9d485def326638f

New changelog entries:
  * No-change rebuild for openssl0.9.8 -> openssl1.0.0 transition.

Author: Bhavani Shankar
Author Date: 2010-11-21 06:39:27 UTC

Import patches-applied version 1.4.28-2ubuntu1 to applied/ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 819010cbd703e143e3e73ed9e01ac33b8fe3ce22
Unapplied parent: f4583bfadecec964ff4b156bb1917bcc925722f0

New changelog entries:
  * Merge from debian unstable. Remaining changes:
    - debian/control:
      + libgamin-dev rather than libfam-dev to fix startup warning.
      + debhelper Build-depends bumped to (>= 7.0.50) for
        overrides in rules file.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules:
      + Add override_dh_installinit to set "defaults 91 09" to not start
        before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4 (LP: #551211)

Author: Bhavani Shankar
Author Date: 2010-11-21 06:39:27 UTC

Import patches-unapplied version 1.4.28-2ubuntu1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: cdb1fd883f006c03e5821eef8df27983aa058eea

New changelog entries:
  * Merge from debian unstable. Remaining changes:
    - debian/control:
      + libgamin-dev rather than libfam-dev to fix startup warning.
      + debhelper Build-depends bumped to (>= 7.0.50) for
        overrides in rules file.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules:
      + Add override_dh_installinit to set "defaults 91 09" to not start
        before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4 (LP: #551211)

Author: David Sugar
Author Date: 2010-07-15 17:50:35 UTC

Import patches-applied version 1.4.26-3ubuntu2 to applied/ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: 2113eadaa64fdc4810a802af10eacd8dae8bc142
Unapplied parent: 7e3e541bd602c574f1f5fc7d4bdc4ad44c8be7f3

New changelog entries:
  * syntax_check function defined in init script. (LP: #600767)

Author: David Sugar
Author Date: 2010-07-15 17:50:35 UTC

Import patches-unapplied version 1.4.26-3ubuntu2 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: 332eaefa28d57bcb369c78c973fe3858123f5fe9

New changelog entries:
  * syntax_check function defined in init script. (LP: #600767)

Author: Chuck Short
Author Date: 2010-04-06 10:12:07 UTC

Import patches-unapplied version 1.4.26-1.1ubuntu3 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 5a184500e86d008f8b718152dd54034b12bdeb93

New changelog entries:
  * debian/control: Rebuild for libmysqlclient transition.

Author: Chuck Short
Author Date: 2010-04-06 10:12:07 UTC

Import patches-applied version 1.4.26-1.1ubuntu3 to applied/ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 23d9998a774a19ce69a8675a0d3753dc357f478c
Unapplied parent: 01d9b94158f885e54ccaa473ec5901919e0054d1

New changelog entries:
  * debian/control: Rebuild for libmysqlclient transition.

Author: João Pinto
Author Date: 2009-10-10 00:08:19 UTC

Import patches-applied version 1.4.22-1ubuntu4 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: c842806e31145f4444265c12e94412f2b1ee8ac5
Unapplied parent: e949c943f040aad162b6b86408bb5983d1a2b196

New changelog entries:
  * Fix FTBFS, replaced automake with automake1.10 on Build-Depends
    (LP #447672)

Author: João Pinto
Author Date: 2009-10-10 00:08:19 UTC

Import patches-unapplied version 1.4.22-1ubuntu4 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 380dabb7386d233d0e67f4e415fc1d7438eaa8e8

New changelog entries:
  * Fix FTBFS, replaced automake with automake1.10 on Build-Depends
    (LP #447672)

Author: João Pinto
Author Date: 2009-10-10 00:08:19 UTC

Import patches-unapplied version 1.4.22-1ubuntu4 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 380dabb7386d233d0e67f4e415fc1d7438eaa8e8

New changelog entries:
  * Fix FTBFS, replaced automake with automake1.10 on Build-Depends
    (LP #447672)

Author: João Pinto
Author Date: 2009-10-10 00:08:19 UTC

Import patches-applied version 1.4.22-1ubuntu4 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: c842806e31145f4444265c12e94412f2b1ee8ac5
Unapplied parent: e949c943f040aad162b6b86408bb5983d1a2b196

New changelog entries:
  * Fix FTBFS, replaced automake with automake1.10 on Build-Depends
    (LP #447672)

Author: Marcin Gibula
Author Date: 2009-03-04 12:42:05 UTC

Import patches-applied version 1.4.19-0ubuntu3.1 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 68b5507395bff44c809a93fc12bfb7efa4abc09e
Unapplied parent: 914356e005b28058db5f91d2d54b239d6d3191c9

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

Author: Marcin Gibula
Author Date: 2009-03-04 12:42:05 UTC

Import patches-unapplied version 1.4.19-0ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

Author: Marcin Gibula
Author Date: 2009-03-04 12:42:05 UTC

Import patches-unapplied version 1.4.19-0ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

Author: Marcin Gibula
Author Date: 2009-03-04 12:42:05 UTC

Import patches-applied version 1.4.19-0ubuntu3.1 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 68b5507395bff44c809a93fc12bfb7efa4abc09e
Unapplied parent: 914356e005b28058db5f91d2d54b239d6d3191c9

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

Author: Marcin Gibula
Author Date: 2009-03-04 12:42:05 UTC

Import patches-unapplied version 1.4.19-0ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

Author: Marcin Gibula
Author Date: 2009-03-04 12:42:05 UTC

Import patches-applied version 1.4.19-0ubuntu3.1 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 68b5507395bff44c809a93fc12bfb7efa4abc09e
Unapplied parent: 914356e005b28058db5f91d2d54b239d6d3191c9

New changelog entries:
  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

Author: Daniel Hahler
Author Date: 2009-03-17 21:36:05 UTC

Import patches-unapplied version 1.4.19-5ubuntu7 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 7281b15844589660824d5c2e29cc59755f39fa4b

New changelog entries:
  * debian/index.html: do not point to edge.launchpad.net
    (LP: #302845)
  * Fix documentation reference to virtual hosting by referring
    to mod_simple_vhost (LP: #247271)
    - debian/patches/fix-conf-doc.patch

Author: Daniel Hahler
Author Date: 2009-03-17 21:36:05 UTC

Import patches-unapplied version 1.4.19-5ubuntu7 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 7281b15844589660824d5c2e29cc59755f39fa4b

New changelog entries:
  * debian/index.html: do not point to edge.launchpad.net
    (LP: #302845)
  * Fix documentation reference to virtual hosting by referring
    to mod_simple_vhost (LP: #247271)
    - debian/patches/fix-conf-doc.patch

Author: Daniel Hahler
Author Date: 2009-03-17 21:36:05 UTC

Import patches-applied version 1.4.19-5ubuntu7 to applied/ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 3fd0b45ed1ab4280b02e4ed159f7ab7e4f95fd82
Unapplied parent: 111c0b4d46d9cfa4d22313c040878643a9f45a8a

New changelog entries:
  * debian/index.html: do not point to edge.launchpad.net
    (LP: #302845)
  * Fix documentation reference to virtual hosting by referring
    to mod_simple_vhost (LP: #247271)
    - debian/patches/fix-conf-doc.patch

Author: Daniel Hahler
Author Date: 2009-03-17 21:36:05 UTC

Import patches-applied version 1.4.19-5ubuntu7 to applied/ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 3fd0b45ed1ab4280b02e4ed159f7ab7e4f95fd82
Unapplied parent: 111c0b4d46d9cfa4d22313c040878643a9f45a8a

New changelog entries:
  * debian/index.html: do not point to edge.launchpad.net
    (LP: #302845)
  * Fix documentation reference to virtual hosting by referring
    to mod_simple_vhost (LP: #247271)
    - debian/patches/fix-conf-doc.patch

Author: Andres Rodriguez
Author Date: 2008-07-25 16:47:48 UTC

Import patches-applied version 1.4.19-4ubuntu2 to applied/ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: ea9434ca93db48934f7b7642240f98ba47781aa7
Unapplied parent: 049a2f472962d179e0de569f2fe3298c745fefa5

New changelog entries:
  * debian/control: Depend on lsb >= 3.2-14, which has the
    status_of_proc() function.
  * debian/init.d: Add the 'status' action (LP: #251924).

Author: Andres Rodriguez
Author Date: 2008-07-25 16:47:48 UTC

Import patches-applied version 1.4.19-4ubuntu2 to applied/ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: ea9434ca93db48934f7b7642240f98ba47781aa7
Unapplied parent: 049a2f472962d179e0de569f2fe3298c745fefa5

New changelog entries:
  * debian/control: Depend on lsb >= 3.2-14, which has the
    status_of_proc() function.
  * debian/init.d: Add the 'status' action (LP: #251924).

Author: Andres Rodriguez
Author Date: 2008-07-25 16:47:48 UTC

Import patches-unapplied version 1.4.19-4ubuntu2 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 64f02ec63f178110bc16b196744801c0bef88169

New changelog entries:
  * debian/control: Depend on lsb >= 3.2-14, which has the
    status_of_proc() function.
  * debian/init.d: Add the 'status' action (LP: #251924).

Author: Andres Rodriguez
Author Date: 2008-07-25 16:47:48 UTC

Import patches-unapplied version 1.4.19-4ubuntu2 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 64f02ec63f178110bc16b196744801c0bef88169

New changelog entries:
  * debian/control: Depend on lsb >= 3.2-14, which has the
    status_of_proc() function.
  * debian/init.d: Add the 'status' action (LP: #251924).

Author: Emanuele Gentili
Author Date: 2008-04-07 17:45:59 UTC

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 911d4fd0059c2ad659b96aec7d768aa94f3efc56

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-07 17:45:59 UTC

Import patches-applied version 1.4.13~r1370-1ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 668933803178ffc56a672c2dd787e06693b657af
Unapplied parent: 65e897b19f2abb6a6c3586cc5164efff9eb13483

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-07 17:45:59 UTC

Import patches-applied version 1.4.13~r1370-1ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 668933803178ffc56a672c2dd787e06693b657af
Unapplied parent: 65e897b19f2abb6a6c3586cc5164efff9eb13483

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 21:55:30 UTC

Import patches-unapplied version 1.4.13-9ubuntu4.6 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c022ef5795b6ef541bf6478f84024f86d464309b

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 21:55:30 UTC

Import patches-unapplied version 1.4.13-9ubuntu4.6 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c022ef5795b6ef541bf6478f84024f86d464309b

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 21:55:30 UTC

Import patches-unapplied version 1.4.13-9ubuntu4.6 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c022ef5795b6ef541bf6478f84024f86d464309b

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 01:39:14 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 01:39:14 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 01:39:14 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 01:39:14 UTC

Import patches-applied version 1.4.18-1ubuntu1.4 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: d0041d0c23035ea95af5daf640189c35e3369b3e
Unapplied parent: 1d9f0b5493f7c84d40445cfd332ef973a3b5767c

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 01:39:14 UTC

Import patches-applied version 1.4.18-1ubuntu1.4 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: d0041d0c23035ea95af5daf640189c35e3369b3e
Unapplied parent: 1d9f0b5493f7c84d40445cfd332ef973a3b5767c

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 01:39:14 UTC

Import patches-applied version 1.4.18-1ubuntu1.4 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: d0041d0c23035ea95af5daf640189c35e3369b3e
Unapplied parent: 1d9f0b5493f7c84d40445cfd332ef973a3b5767c

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 21:55:30 UTC

Import patches-applied version 1.4.13-9ubuntu4.6 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: d0ed48ec3a5919d7c6cba9c3d2093ec8958ce53b
Unapplied parent: 26afdfe5abe4757acbf140db3b616362b106c74e

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 21:55:30 UTC

Import patches-applied version 1.4.13-9ubuntu4.6 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: d0ed48ec3a5919d7c6cba9c3d2093ec8958ce53b
Unapplied parent: 26afdfe5abe4757acbf140db3b616362b106c74e

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-06 21:55:30 UTC

Import patches-applied version 1.4.13-9ubuntu4.6 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: d0ed48ec3a5919d7c6cba9c3d2093ec8958ce53b
Unapplied parent: 26afdfe5abe4757acbf140db3b616362b106c74e

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-07 17:45:59 UTC

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 911d4fd0059c2ad659b96aec7d768aa94f3efc56

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-07 17:45:59 UTC

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 911d4fd0059c2ad659b96aec7d768aa94f3efc56

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-07 17:45:59 UTC

Import patches-applied version 1.4.13~r1370-1ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 668933803178ffc56a672c2dd787e06693b657af
Unapplied parent: 65e897b19f2abb6a6c3586cc5164efff9eb13483

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-05 22:09:12 UTC

Import patches-applied version 1.4.19-0ubuntu3 to applied/ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 74524032bb10affae927bb7863b10366f175d3e0
Unapplied parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/92_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-04-05 22:09:12 UTC

Import patches-unapplied version 1.4.19-0ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: b3e7be4256a958c9f0ce6262bcc72297816ee1ec

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/92_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

Author: Emanuele Gentili
Author Date: 2008-03-11 14:03:17 UTC

Import patches-applied version 1.4.11-3ubuntu3.8 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: f90352ff4e044d475d30340dab4ada9669358915
Unapplied parent: 73b28144c05891b077ad9d7f49542f821efcb9b9

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

Author: Emanuele Gentili
Author Date: 2008-03-11 14:03:17 UTC

Import patches-applied version 1.4.11-3ubuntu3.8 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: f90352ff4e044d475d30340dab4ada9669358915
Unapplied parent: 73b28144c05891b077ad9d7f49542f821efcb9b9

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

Author: Emanuele Gentili
Author Date: 2008-03-11 14:03:17 UTC

Import patches-unapplied version 1.4.11-3ubuntu3.8 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b925f96284189945c1a324deff75153edd7ae223

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

Author: Emanuele Gentili
Author Date: 2008-03-11 14:03:17 UTC

Import patches-unapplied version 1.4.11-3ubuntu3.8 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b925f96284189945c1a324deff75153edd7ae223

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

Author: Emanuele Gentili
Author Date: 2008-03-11 14:03:17 UTC

Import patches-unapplied version 1.4.11-3ubuntu3.8 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: b925f96284189945c1a324deff75153edd7ae223

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

Author: Emanuele Gentili
Author Date: 2008-03-11 14:03:17 UTC

Import patches-applied version 1.4.11-3ubuntu3.8 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: f90352ff4e044d475d30340dab4ada9669358915
Unapplied parent: 73b28144c05891b077ad9d7f49542f821efcb9b9

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

Author: Soren Hansen
Author Date: 2007-09-12 12:02:31 UTC

Import patches-applied version 1.4.18-1ubuntu1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 93e0786375fee21ad34c3eb6f590b170298ac463
Unapplied parent: d2a1038457f99171d9c5d4ac2b9534d132381472

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
  * New upstream release, fixes CVE-2007-4727 (closes: #441787)
  * lighttpd-angel is installed but not used yet

Author: Soren Hansen
Author Date: 2007-09-12 12:02:31 UTC

Import patches-unapplied version 1.4.18-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: e616f845a857f51a643059fc4b58ecb1c691039b

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
  * New upstream release, fixes CVE-2007-4727 (closes: #441787)
  * lighttpd-angel is installed but not used yet