Lighttpd in repository is outdated (security!)
Bug #119727 reported by PowerUser

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lighttpd (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Binary package hint: lighttpd
I'm running Kubuntu 7.04 for AMD64.
Lighttpd 1.4.15 is out; it fixes a possible DoS attack on the server. Please update the repository since this affects security.
Thanks for your bug reports. The two security fixes have already been applied in our repository before the release. It is described in the changelog:
lighttpd (1.4.13-9ubuntu4) feisty; urgency=low
* Added LDAP connection leak fix from Debian (Bug: #413917)
- debian/patches/03_ldap_leak_bugfix.dpatch
* Added security fixes from 1.4.14 (Closes LP: #106416)
- Remote DOS in CRLF parsing (CVE-2007-1869)
  debian/patches/04_security_crlf_parsing_dos.dpatch
- DOS with files with mtime 0 (CVE-2007-1870)
  debian/patches/05_security_zero_mtime_crash.dpatch
-- Lukas Fittl <email address hidden> Sat, 14 Apr 2007 05:26:10 +0200
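
The exchange above turns on backported fixes: the upstream version string (1.4.13) says nothing about which CVEs the distribution package has patched, so the changelog is the place to check. As an added example (not part of the bug report or of Ubuntu's tooling), this sketch parses Debian-format changelog text and reports which package version first records a given CVE. The second stanza, the function names and the `0.0.0-0example1` version are constructed for illustration.

```python
import re

# Constructed sample: the stanza quoted in the comment above, followed by a
# constructed older stanza (placeholder version) with no security content.
CHANGELOG = """\
lighttpd (1.4.13-9ubuntu4) feisty; urgency=low

  * Added LDAP connection leak fix from Debian (Bug: #413917)
    - debian/patches/03_ldap_leak_bugfix.dpatch
  * Added security fixes from 1.4.14 (Closes LP: #106416)
    - Remote DOS in CRLF parsing (CVE-2007-1869)
    - DOS with files with mtime 0 (CVE-2007-1870)

 -- Lukas Fittl <email address hidden>  Sat, 14 Apr 2007 05:26:10 +0200

lighttpd (0.0.0-0example1) feisty; urgency=low

  * Constructed placeholder entry without security fixes.

 -- Example Maintainer <email address hidden>  Mon, 02 Apr 2007 12:00:00 +0200
"""

# Stanza header: "package (version) distribution; urgency=level"
HEADER = re.compile(r"^[a-z0-9][a-z0-9+.-]+ \((?P<ver>[^)]+)\) [^;]+; urgency=")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def cves_by_version(changelog):
    """Map each package version to the CVE ids its stanza mentions."""
    result, current = {}, None
    for line in changelog.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group("ver")
            result[current] = []
        elif current is not None:
            for cve in CVE_ID.findall(line):
                if cve not in result[current]:
                    result[current].append(cve)
    return result

def first_fixed_version(changelog, cve):
    """Return the oldest version whose stanza records the CVE, else None."""
    hits = [v for v, ids in cves_by_version(changelog).items() if cve in ids]
    return hits[-1] if hits else None  # changelogs list newest stanza first
```

On an installed Debian or Ubuntu system the input would be the decompressed contents of `/usr/share/doc/lighttpd/changelog.Debian.gz`. A `None` result only means the changelog does not mention the CVE, not that the package is unpatched.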