lp:debian/lenny/lighttpd
- Get this branch:
- bzr branch lp:debian/lenny/lighttpd
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 10. By Arno Töll <email address hidden>
-
* Backport security issues from 1.4.30:
+ Fix integer overflow (CVE-2011-4362)
+ Fix attack vector as disclosed by the SSL BEAST attack (related:
CVE-2011-3389). Note: If you are upgrading from an older version you need
to change your configuration to mitigate effects of the attack. See the
corresponding NEWS file for details. - 9. By Stefan Fritsch
-
* Non-maintainer upload by the Security Team.
* Fix bug that made lighttpd fail to start with the upgraded openssl
from DSA-2141-1. Closes: #609124 - 8. By Nico Golde <email address hidden>
-
* Non-maintainer upload by the Security Team.
* Fix denial of service through slow short requests leading to
memory exhaustion due to bad memory handling (CVE-2010-0295). - 7. By Pierre Habouzit
-
* Remove the alias.url stanza from 10-cgi.conf (Closes: #499334).
* Add patches for lighttpd security 2008-05 to 2008-07 (no CVE yet):
+ patches/lighttpd- 1.4.x_request_ header_ memleak. patch
+ patches/lighttpd- 1.4.x_rewrite_ redirect_ decode_ url.patch
+ patches/lighttpd- 1.4.x_userdir_ lowercase. patch
* Urgency set to high for security fix. - 6. By Krzysztof Krzyżaniak (eloy)
-
* New upstream release
* Closing bug from not uploaded release 1.4.8-5, (closes: #347737) - 4. By Krzysztof Krzyżaniak (eloy)
-
* New configuration layout (closes: #345554) (closes: #344959),
read /etc/lighttpd/conf-available/ README
- conf-available directory for all templates
- conf-enabled directory for enabled modules - 3. By Krzysztof Krzyżaniak (eloy)
-
[ Krzysztof Krzyzaniak (eloy) ]
* debian/control: lsb-base dependency narrowed to (>= 3.0-3)
* create-mime.assign. pl set as executable (closes: #344938) - 2. By Torsten Marek <email address hidden>
-
* New upstream version (closes: #304271)
* Does not rely on $SHELL to execute external commands
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/lighttpd