ubuntu/+source/lighttpd:applied/ubuntu/gutsy-security

Last commit made on 2008-04-17
Get this branch:
git clone -b applied/ubuntu/gutsy-security https://git.launchpad.net/ubuntu/+source/lighttpd
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/gutsy-security
Repository:
lp:ubuntu/+source/lighttpd

Recent commits

f512c39... by Emanuele Gentili on 2008-04-06

Import patches-applied version 1.4.18-1ubuntu1.4 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: d0041d0c23035ea95af5daf640189c35e3369b3e
Unapplied parent: 1d9f0b5493f7c84d40445cfd332ef973a3b5767c

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

1d9f0b5... by Emanuele Gentili on 2008-04-06

Import patches-unapplied version 1.4.18-1ubuntu1.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30

New changelog entries:
  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

d0041d0... by Emanuele Gentili on 2008-03-11

Import patches-applied version 1.4.18-1ubuntu1.3 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: c2233476fb2c622cdb57c4d20a975a711aa50221
Unapplied parent: 14e12ba17dde400534d6ea6cccaae4dd59268b30

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

14e12ba... by Emanuele Gentili on 2008-03-11

Import patches-unapplied version 1.4.18-1ubuntu1.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 36e72dcc4ec8497927e19c4c795e3a58343b6b23

New changelog entries:
  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

c223347... by Emanuele Gentili on 2008-03-05

Import patches-applied version 1.4.18-1ubuntu1.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 1aa7804e0efd90050854f14000f6973eeb794f6b
Unapplied parent: 36e72dcc4ec8497927e19c4c795e3a58343b6b23

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

36e72dc... by Emanuele Gentili on 2008-03-05

Import patches-unapplied version 1.4.18-1ubuntu1.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: fb2fd7545df327b7272fece820d89665283d8d0d

New changelog entries:
  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

1aa7804... by Emanuele Gentili on 2008-02-25

Import patches-applied version 1.4.18-1ubuntu1.1 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 54e75a2571e4184dced8ddf1ae558880f4910a0f
Unapplied parent: fb2fd7545df327b7272fece820d89665283d8d0d

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

fb2fd75... by Emanuele Gentili on 2008-02-25

Import patches-unapplied version 1.4.18-1ubuntu1.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: d2a1038457f99171d9c5d4ac2b9534d132381472

New changelog entries:
  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    + http://trac.lighttpd.net/trac/ticket/1562

54e75a2... by Soren Hansen on 2007-09-12

Import patches-applied version 1.4.18-1ubuntu1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 93e0786375fee21ad34c3eb6f590b170298ac463
Unapplied parent: d2a1038457f99171d9c5d4ac2b9534d132381472

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
  * New upstream release, fixes CVE-2007-4727 (closes: #441787)
  * lighttpd-angel is installed but not used yet

d2a1038... by Soren Hansen on 2007-09-12

Import patches-unapplied version 1.4.18-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: e616f845a857f51a643059fc4b58ecb1c691039b

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
  * New upstream release, fixes CVE-2007-4727 (closes: #441787)
  * lighttpd-angel is installed but not used yet