lp:ubuntu/gutsy-security/lighttpd

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/lighttpd

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

32. By Emanuele Gentili

* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
    of service (active SSL connection loss) by triggering an SSL error,
    such as disconnecting before a download has finished, which causes
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

31. By Emanuele Gentili

* SECURITY UPDATE: (LP: #200987)
 + debian/patches/91_CVE-2008-1270.dpatch
  - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
    uses a default of $HOME, which might allow remote attackers to read arbitrary
    files, as demonstrated by accessing the ~nobody directory.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
 + http://trac.lighttpd.net/trac/ticket/1587
 + http://trac.lighttpd.net/trac/changeset/2120

30. By Emanuele Gentili

* SECURITY UPDATE:
 + debian/patches/91_CVE-2008-1111.dpatch:
  - Fixes CVE-2008-1111
    "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
    source code of CGI scripts instead of a 500 error, which might allow
    remote attackers to obtain sensitive information." (LP: #198731)
* References
 + http://trac.lighttpd.net/trac/changeset/2107
 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

29. By Emanuele Gentili

* SECURITY UPDATE:
  + debian/patches/90_maxfds_crash_fix.dpatch:
    - added patch from upstream to fix the maxfds issue (LP: #195380)
* References
  + http://trac.lighttpd.net/trac/ticket/1562

28. By Soren Hansen

* Merge from Debian unstable, remaining changes:
  - Update maintainer field in debian/control.
  - Build against libgamin-dev rather than libfam-dev (fixes a warning
    during startup)
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.

27. By Soren Hansen

* Merge from Debian unstable, remaining changes:
  - Update maintainer field in debian/control.
  - Build against libgamin-dev rather than libfam-dev (fixes a warning
    during startup)
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.

26. By Soren Hansen

Build against libgamin-dev rather than libfam-dev (fixes a warning during
startup about mismatched sizes of a data type).

25. By Michele Angrisano <email address hidden>

* Merge from Debian unstable, remaining changes: (LP: #131224)
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.
  - Update maintainer field in debian/control.

24. By Michele Angrisano <email address hidden>

* Merge from Debian unstable, remaining changes:
  - Add fam/gamin stat cache engine support.
  - Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.
  - Update maintainer field in debian/control.

23. By Michele Angrisano <email address hidden>

* Merge from Debian unstable, remaining changes:
  - Add fam/gamin stat cache engine support.
  - Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
  - Make sure that upgrades succeed, even if we can't restart lighttpd.
  - Clean environment in init.d script.
  - Update maintainer field in debian/control.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/lighttpd