Format: 1.8
Date: Fri, 24 Jun 2016 14:35:34 -0700
Source: bozohttpd
Binary: bozohttpd
Architecture: source
Version: 20111118-1+deb7u1build0.14.04.1
Distribution: trusty-security
Urgency: high
Maintainer: Mattias Nordstrom <mnordstr@debian.org>
Changed-By: Steve Beattie <sbeattie@ubuntu.com>
Description: 
 bozohttpd  - Bozotic HTTP server
Closes: 755197
Changes: 
 bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium
 .
   * fake sync from Debian
 .
 bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2014-5015:
     bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
     checking .htpasswd restrictions, which allows remote attackers to bypass
     the HTTP authentication scheme and access restrictions via a long path.
     (Closes: #755197)
   * CVE-2015-8212:
     Fix a security issue in CGI suffix handler support which would allow remote
     code execution.
Checksums-Sha1: 
 461210e3995a64384d01be41d2c821822e689721 1760 bozohttpd_20111118-1+deb7u1build0.14.04.1.dsc
 616ac12aa41676d1153772d2f85a1242ddcee66b 5901 bozohttpd_20111118-1+deb7u1build0.14.04.1.diff.gz
Checksums-Sha256: 
 2b569efdf444ec9aaf82026b765be51f3c9cae0f09883c11943b0db21dc8bf64 1760 bozohttpd_20111118-1+deb7u1build0.14.04.1.dsc
 dcd4860ac41e8c2f36ff2d72886843bbbeae56c1fd38a5977ff76aa0b28c936a 5901 bozohttpd_20111118-1+deb7u1build0.14.04.1.diff.gz
Files: 
 340b31c9b1d6ea20335ed38bc188510a 1760 httpd extra bozohttpd_20111118-1+deb7u1build0.14.04.1.dsc
 bc05deec49bdba3ce54a220468a63037 5901 httpd extra bozohttpd_20111118-1+deb7u1build0.14.04.1.diff.gz