lp:ubuntu/gutsy-security/lighttpd
- Get this branch:
- bzr branch lp:ubuntu/gutsy-security/lighttpd
Branch merges
Branch information
Recent revisions
- 32. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #209627)
+ debian/patches/ 91_CVE- 2008-1531. dpatch
- lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
of service (active SSL connection loss) by triggering an SSL error,
such as disconnecting before a download has finished, which causes
all active SSL connections to be lost.
* References
+ http://nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 1531
+ http://trac.lighttpd. net/trac/ changeset/ 2136
+ http://trac.lighttpd. net/trac/ changeset/ 2139 - 31. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #200987)
+ debian/patches/ 91_CVE- 2008-1270. dpatch
- mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
uses a default of $HOME, which might allow remote attackers to read arbitrary
files, as demonstrated by accessing the ~nobody directory.
* References
+ http://nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 1270
+ http://trac.lighttpd. net/trac/ ticket/ 1587
+ http://trac.lighttpd. net/trac/ changeset/ 2120 - 30. By Emanuele Gentili
-
* SECURITY UPDATE:
+ debian/patches/ 91_CVE- 2008-1111. dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd. net/trac/ changeset/ 2107
+ http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= 2008-1111 - 29. By Emanuele Gentili
-
* SECURITY UPDATE:
+ debian/patches/ 90_maxfds_ crash_fix. dpatch:
- added patch from upstream to fix the maxfds issue (LP: #195380)
* References
+ http://trac.lighttpd. net/trac/ ticket/ 1562 - 28. By Soren Hansen
-
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script. - 27. By Soren Hansen
-
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script. - 26. By Soren Hansen
-
Build against libgamin-dev rather than libfam-dev (fixes a warning during
startup about mismatched sizes of a data type). - 25. By Michele Angrisano <email address hidden>
-
* Merge from Debian unstable, remaining changes: (LP: #131224)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control. - 24. By Michele Angrisano <email address hidden>
-
* Merge from Debian unstable, remaining changes:
- Add fam/gamin stat cache engine support.
- Replace Depends: on perl with Depends: on libterm-readline- perl-perl.
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control. - 23. By Michele Angrisano <email address hidden>
-
* Merge from Debian unstable, remaining changes:
- Add fam/gamin stat cache engine support.
- Replace Depends: on perl with Depends: on libterm-readline- perl-perl.
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/lighttpd