Ubuntu
lighttpd package

ubuntu/+source/lighttpd:applied/ubuntu/feisty-security

  1. Git
  2. lp:ubuntu/+source/lighttpd
  3. applied/ubuntu/feisty-security
Last commit made on 2008-04-17
Get this branch:
git clone -b applied/ubuntu/feisty-security https://git.launchpad.net/ubuntu/+source/lighttpd
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/feisty-security
Repository:
lp:ubuntu/+source/lighttpd

Recent commits

f17bb00... by Emanuele Gentili on 2008-04-06

Import patches-applied version 1.4.13-9ubuntu4.6 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: d0ed48ec3a5919d7c6cba9c3d2093ec8958ce53b
Unapplied parent: 26afdfe5abe4757acbf140db3b616362b106c74e

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

26afdfe... by Emanuele Gentili on 2008-04-06

Import patches-unapplied version 1.4.13-9ubuntu4.6 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c022ef5795b6ef541bf6478f84024f86d464309b

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

d0ed48e... by Emanuele Gentili on 2008-03-11

Import patches-applied version 1.4.13-9ubuntu4.5 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: ca88dfd7a5e58e0d5ee74542107326a6deb6b803
Unapplied parent: c022ef5795b6ef541bf6478f84024f86d464309b

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

c022ef5... by Emanuele Gentili on 2008-03-11

Import patches-unapplied version 1.4.13-9ubuntu4.5 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: bdd8e3e0a7f04f379283ab6997a99edcc056dabc

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

ca88dfd... by Emanuele Gentili on 2008-03-05

Import patches-applied version 1.4.13-9ubuntu4.4 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 35894bb49432348416dbb5a680c4eb410b2fce23
Unapplied parent: bdd8e3e0a7f04f379283ab6997a99edcc056dabc

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

bdd8e3e... by Emanuele Gentili on 2008-03-05

Import patches-unapplied version 1.4.13-9ubuntu4.4 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 197815c8ff4df599c47faa8a7247571d9864ae22

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

35894bb... by Emanuele Gentili on 2008-02-25

Import patches-applied version 1.4.13-9ubuntu4.3 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: aacb89b7d59eb75f974ef4cc11d9e8e2ca9459e4
Unapplied parent: 197815c8ff4df599c47faa8a7247571d9864ae22

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

197815c... by Emanuele Gentili on 2008-02-25

Import patches-unapplied version 1.4.13-9ubuntu4.3 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 56402d93851f3d69b72ca471919ce1b27df6192f

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

aacb89b... by Jamie Strandboge on 2007-09-10

Import patches-applied version 1.4.13-9ubuntu4.2 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 5d521bb3c95ed21858660227583e07e33d86dc7e
Unapplied parent: 56402d93851f3d69b72ca471919ce1b27df6192f

New changelog entries:
  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers. Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727

56402d9... by Jamie Strandboge on 2007-09-10

Import patches-unapplied version 1.4.13-9ubuntu4.2 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 13687668e5c93150b33fb2d54529ddaa003173ec

New changelog entries:
  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers. Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727