-
a12a28e... by Marcin Gibula on 2009-03-04
-
Import patches-applied version 1.4.19-0ubuntu3.1 to applied/ubuntu/hardy-security
Imported using git-ubuntu import.
Changelog parent: 68b5507395bff44c809a93fc12bfb7efa4abc09e
Unapplied parent: 914356e005b28058db5f91d2d54b239d6d3191c9
New changelog entries:
* SECURITY UPDATE: (LP: #279490)
  + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
  + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
* References
  + https://bugs.launchpad.net/bugs/cve/2008-4298
  + https://bugs.launchpad.net/bugs/cve/2008-4360
-
914356e... by Marcin Gibula on 2009-03-04
-
Import patches-unapplied version 1.4.19-0ubuntu3.1 to ubuntu/hardy-security
Imported using git-ubuntu import.
Changelog parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c
New changelog entries:
* SECURITY UPDATE: (LP: #279490)
  + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
  + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
* References
  + https://bugs.launchpad.net/bugs/cve/2008-4298
  + https://bugs.launchpad.net/bugs/cve/2008-4360
-
68b5507... by Emanuele Gentili on 2008-04-05
-
Import patches-applied version 1.4.19-0ubuntu3 to applied/ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: 74524032bb10affae927bb7863b10366f175d3e0
Unapplied parent: ae3e0066c2d49e8b04d4468d282ae91b4286430c
New changelog entries:
* SECURITY UPDATE: (LP: #209627)
  + debian/patches/92_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
* References
  + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
  + http://trac.lighttpd.net/trac/changeset/2136
  + http://trac.lighttpd.net/trac/changeset/2139
-
ae3e006... by Emanuele Gentili on 2008-04-05
-
Import patches-unapplied version 1.4.19-0ubuntu3 to ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: b3e7be4256a958c9f0ce6262bcc72297816ee1ec
New changelog entries:
* SECURITY UPDATE: (LP: #209627)
  + debian/patches/92_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
* References
  + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
  + http://trac.lighttpd.net/trac/changeset/2136
  + http://trac.lighttpd.net/trac/changeset/2139
-
7452403... by Stephan Ruegamer on 2008-03-17
-
Import patches-applied version 1.4.19-0ubuntu2 to applied/ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: 820579ed28352cf6b6663a1510e8f49d5af67eca
Unapplied parent: b3e7be4256a958c9f0ce6262bcc72297816ee1ec
New changelog entries:
* debian/rules: (LP: #174289)
  - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
    apache2 but in the same runlevel with the same priority
-
b3e7be4... by Stephan Ruegamer on 2008-03-17
-
Import patches-unapplied version 1.4.19-0ubuntu2 to ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: 1bbb3fb11c7887c320585e90f9322c58435cda81
New changelog entries:
* debian/rules: (LP: #174289)
  - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
    apache2 but in the same runlevel with the same priority
-
820579e... by Stephan Ruegamer on 2008-03-12
-
Import patches-applied version 1.4.19-0ubuntu1 to applied/ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: 0d706b9d5732b513b2cb40a075b6413caee16f53
Unapplied parent: 1bbb3fb11c7887c320585e90f9322c58435cda81
New changelog entries:
* New upstream release (LP: #201439)
  For Changes please read the NEWS file
  All security patches we have in 1.4.18 of hardy are included now upstream
* debian/patches/*: All changes introduced by these patches are now applied
  upstream
  - Dropped 90_CVE-2008-1111.dpatch
  - Dropped 91_CVE-2008-1270.dpatch
  - Dropped 90_maxfds_crash_fix.dpatch
  - Dropped 03_ldap_leak_bugfix.dpatch
  - Dropped 04_ldap_build_filter_fix.dpatch
  - Dropped 90_accept_ranges_fix.dpatch
* debian/lighttpd.conf: (From Debian)
  - Move the aliases on /doc/ and /images/ mandated by policy at the end to
    circumvent #445459.
* debian/rules: (From Debian)
  - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
* debian/conf-available/10-rrdtool: (From Debian)
  - Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
* debian/lighttpd.install:
  - Install 10-rrdtool
* debian/patches/ldap-deprecated.dpatch:
  - Force use of deprecated ldap interfaces (Closes: dbts 463368),
    thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
* Bumped Standards Version to 3.7.3, Bumped Compat to 6, adjusted build-dep
  of debhelper accordingly
* The “I HATE DPATCH”-release.
* Add patches for real as dpatch-edit-patch is stupid enough for not doing
  it by itself (Closes: 463368, 469307).
* Force use of deprecated ldap interfaces (Closes: 463368),
  thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
* Add sample configuration for the mod_rrdtool (Closes: 462907).
* add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111
  (Closes: 469307).
* Remove spurious mkdir in debian/rules (Closes: 448160).
* Bump urgency for RC bug fixes.
* Move the aliases on /doc/ and /images/ mandated by policy at the end to
  circumvent #445459.
* Add patches/05_fdevent_fix.dpatch to fix possible remote DoS
  (Closes: 466663).
* bump urgency for security fix.
-
1bbb3fb... by Stephan Ruegamer on 2008-03-12
-
Import patches-unapplied version 1.4.19-0ubuntu1 to ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: 53200b85b81599ed7b676a89db9b547802b42201
New changelog entries:
* New upstream release (LP: #201439)
  For Changes please read the NEWS file
  All security patches we have in 1.4.18 of hardy are included now upstream
* debian/patches/*: All changes introduced by these patches are now applied
  upstream
  - Dropped 90_CVE-2008-1111.dpatch
  - Dropped 91_CVE-2008-1270.dpatch
  - Dropped 90_maxfds_crash_fix.dpatch
  - Dropped 03_ldap_leak_bugfix.dpatch
  - Dropped 04_ldap_build_filter_fix.dpatch
  - Dropped 90_accept_ranges_fix.dpatch
* debian/lighttpd.conf: (From Debian)
  - Move the aliases on /doc/ and /images/ mandated by policy at the end to
    circumvent #445459.
* debian/rules: (From Debian)
  - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
* debian/conf-available/10-rrdtool: (From Debian)
  - Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
* debian/lighttpd.install:
  - Install 10-rrdtool
* debian/patches/ldap-deprecated.dpatch:
  - Force use of deprecated ldap interfaces (Closes: dbts 463368),
    thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
* Bumped Standards Version to 3.7.3, Bumped Compat to 6, adjusted build-dep
  of debhelper accordingly
* The “I HATE DPATCH”-release.
* Add patches for real as dpatch-edit-patch is stupid enough for not doing
  it by itself (Closes: 463368, 469307).
* Force use of deprecated ldap interfaces (Closes: 463368),
  thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
* Add sample configuration for the mod_rrdtool (Closes: 462907).
* add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111
  (Closes: 469307).
* Remove spurious mkdir in debian/rules (Closes: 448160).
* Bump urgency for RC bug fixes.
* Move the aliases on /doc/ and /images/ mandated by policy at the end to
  circumvent #445459.
* Add patches/05_fdevent_fix.dpatch to fix possible remote DoS
  (Closes: 466663).
* bump urgency for security fix.
-
0d706b9... by Emanuele Gentili on 2008-03-11
-
Import patches-applied version 1.4.18-1ubuntu6 to applied/ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: d7c135d43dc858e1565e6bbdf9714893ee0ae2a2
Unapplied parent: 53200b85b81599ed7b676a89db9b547802b42201
New changelog entries:
* SECURITY UPDATE: (LP: #200987)
  + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
* References
  + CVE-2008-1270
  + http://trac.lighttpd.net/trac/ticket/1587
  + http://trac.lighttpd.net/trac/changeset/2120
-
53200b8... by Emanuele Gentili on 2008-03-11
-
Import patches-unapplied version 1.4.18-1ubuntu6 to ubuntu/hardy
Imported using git-ubuntu import.
Changelog parent: 4e624aa827acb2dfa23ff077a02cadf09f17ce00
New changelog entries:
* SECURITY UPDATE: (LP: #200987)
  + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
* References
  + CVE-2008-1270
  + http://trac.lighttpd.net/trac/ticket/1587
  + http://trac.lighttpd.net/trac/changeset/2120