ubuntu/+source/lighttpd:applied/ubuntu/edgy-updates

Last commit made on 2008-04-17
Get this branch:
git clone -b applied/ubuntu/edgy-updates https://git.launchpad.net/ubuntu/+source/lighttpd
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/edgy-updates
Repository: lp:ubuntu/+source/lighttpd

Recent commits

7b4ae17... by Emanuele Gentili on 2008-04-07

Import patches-applied version 1.4.13~r1370-1ubuntu1.7 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 668933803178ffc56a672c2dd787e06693b657af
Unapplied parent: 65e897b19f2abb6a6c3586cc5164efff9eb13483

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

65e897b... by Emanuele Gentili on 2008-04-07

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.7 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 911d4fd0059c2ad659b96aec7d768aa94f3efc56

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

6689338... by Emanuele Gentili on 2008-03-11

Import patches-applied version 1.4.13~r1370-1ubuntu1.6 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 0a06d163bad888140d6652c73bc2a21d5149f871
Unapplied parent: 911d4fd0059c2ad659b96aec7d768aa94f3efc56

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

911d4fd... by Emanuele Gentili on 2008-03-11

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.6 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 09fae650b37f593f0fb41697f9cdba457283c4c3

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

0a06d16... by Emanuele Gentili on 2008-03-05

Import patches-applied version 1.4.13~r1370-1ubuntu1.5 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 7dbf54a5a525d964c00db5ea96944c0cbc117137
Unapplied parent: 09fae650b37f593f0fb41697f9cdba457283c4c3

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

09fae65... by Emanuele Gentili on 2008-03-05

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.5 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: c3fefbafedf636ff6f658b1c08862ddca451b137

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

7dbf54a... by Emanuele Gentili on 2008-02-25

Import patches-applied version 1.4.13~r1370-1ubuntu1.4 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 416bb70023b9389fbfb6fd81694f4f46433f21a8
Unapplied parent: c3fefbafedf636ff6f658b1c08862ddca451b137

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

c3fefba... by Emanuele Gentili on 2008-02-25

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.4 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 7b3ea9a1cd6189b267c06565f52c0a1eca7a01d9

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

416bb70... by Jamie Strandboge on 2007-09-10

Import patches-applied version 1.4.13~r1370-1ubuntu1.3 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: ea8c6266e2c12d890a6c7d1a64b54777f22a6998
Unapplied parent: 7b3ea9a1cd6189b267c06565f52c0a1eca7a01d9

New changelog entries:
  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers. Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727

7b3ea9a... by Jamie Strandboge on 2007-09-10

Import patches-unapplied version 1.4.13~r1370-1ubuntu1.3 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 6e24f09948d9c5e2c071bee637c7a0e494f62cd3

New changelog entries:
  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers. Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727