bozohttpd 20111118-1+deb7u1build0.14.04.1 source package in Ubuntu


bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2014-5015:
    bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
    checking .htpasswd restrictions, which allows remote attackers to bypass
    the HTTP authentication scheme and access restrictions via a long path.
    (Closes: #755197)
  * CVE-2015-8212:
    Fix a security issue in CGI suffix handler support which would allow remote
    code execution.

 -- Steve Beattie <email address hidden>  Fri, 24 Jun 2016 14:35:34 -0700

Upload details

Uploaded by:
Steve Beattie
Uploaded to:
Original maintainer:
Mattias Nordstrom
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Trusty updates universe net
Trusty security universe net


File Size SHA-256 Checksum
bozohttpd_20111118.orig.tar.gz 54.9 KiB 6cb6ab6fb3b127af452ffd4ddbdd5e9c1676934bd19b8b5edc12c33e0fe4278d
bozohttpd_20111118-1+deb7u1build0.14.04.1.diff.gz 5.8 KiB dcd4860ac41e8c2f36ff2d72886843bbbeae56c1fd38a5977ff76aa0b28c936a
bozohttpd_20111118-1+deb7u1build0.14.04.1.dsc 1.7 KiB 2b569efdf444ec9aaf82026b765be51f3c9cae0f09883c11943b0db21dc8bf64

View changes file

Binary packages built by this source

bozohttpd: Bozotic HTTP server

 A small and secure HTTP server. Its main feature is the
 lack of features, reducing code size and improving verifiability. It
 has no configuration file by design.
 It supports CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations,
 virtual hosting support, as well as multiple IP-based servers on a
 single machine, and is able to serve pages via the IPv6 protocol.