Ubuntu

Change log for “lighttpd” package in Ubuntu

175 of 95 results
Published in trusty-release on 2014-01-28
Deleted in trusty-proposed (Reason: moved to release)
lighttpd (1.4.33-1+nmu2ubuntu2) trusty; urgency=medium

  * Use dh-autoreconf to regenerate autotools files, fixes FTBFS with
    automake 1.14.1 (Closes: #726934)
  * Add lighttpd.pc to ac_config_files to fix FTBFS:
    make[3]: *** No rule to make target `lighttpd.pc', needed by `all-am'.
 -- Andreas Moog <email address hidden>   Tue, 28 Jan 2014 18:08:02 +0100
Superseded in trusty-release on 2014-01-28
Deleted in trusty-proposed on 2014-01-29 (Reason: moved to release)
lighttpd (1.4.33-1+nmu2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/index.html: corrected BTS Ubuntu link for lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake (>=1.14), libtool.
      + debian/lighttpd-dev.install: Added.
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.

Superseded in trusty-release on 2013-12-18
Deleted in trusty-proposed on 2013-12-19 (Reason: moved to release)
lighttpd (1.4.33-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable (LP: #1246886).  Remaining changes:
    - debian/index.html: corrected BTS Ubuntu link for lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake (>=1.14), libtool.
      + debian/lighttpd-dev.install: Added.
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - debian/patches/build-dev-package.patch: Updated to reflect 1.4.33 changes.

Available diffs

Superseded in trusty-release on 2013-11-07
Published in saucy-release on 2013-10-15
Deleted in saucy-proposed (Reason: moved to release)
lighttpd (1.4.31-3ubuntu3) saucy; urgency=low

  * Use the autotools-dev dh addon to update config.guess/config.sub for
    arm64.
 -- Colin Watson <email address hidden>   Tue, 15 Oct 2013 11:01:00 +0100

Available diffs

Superseded in saucy-release on 2013-10-15
Published in raring-release on 2013-03-25
Deleted in raring-proposed (Reason: moved to release)
lighttpd (1.4.31-3ubuntu2) raring; urgency=low

  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.
 -- Lorenzo De Liso <email address hidden>   Mon, 25 Mar 2013 11:55:53 +0100

Available diffs

Superseded in raring-release on 2013-03-25
Deleted in raring-proposed on 2013-03-26 (Reason: moved to release)
lighttpd (1.4.31-3ubuntu1) raring; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control: libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4
  * debian/index.html: corrected BTS Ubuntu link for lighttpd

Available diffs

Published in lucid-updates on 2011-12-20
Published in lucid-security on 2011-12-20
lighttpd (1.4.26-1.1ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 17:34:44 +0700
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
lighttpd (1.4.26-3ubuntu2.1) maverick-security; urgency=low

  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 17:35:38 +0700
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
lighttpd (1.4.28-2ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 17:36:09 +0700
Published in oneiric-updates on 2011-12-20
Published in oneiric-security on 2011-12-20
lighttpd (1.4.28-2ubuntu2.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Fix DoS because of incorrect code in src/http_auth.c:67
    (LP: #906792)
    - debian/patches/CVE-2011-4362.patch: patch derived from upstream
    - CVE-2011-4362
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 17:36:39 +0700
Superseded in raring-release on 2012-12-06
Published in quantal-release on 2012-04-26
Published in precise-release on 2011-12-20
lighttpd (1.4.28-2ubuntu4) precise; urgency=low

  * debian/patches/CVE-2011-4362.patch: Fix DoS because of incorrect code in
    src/http_auth.c:67 (LP: #906792)
    - CVE-2011-4362
 -- Mahyuddin Susanto <email address hidden>   Tue, 20 Dec 2011 17:32:22 +0700

Available diffs

Superseded in precise-release on 2011-12-20
lighttpd (1.4.28-2ubuntu3) precise; urgency=low

  * Rebuild for libmysqlclient transition
 -- Clint Byrum <email address hidden>   Wed, 23 Nov 2011 23:54:14 -0800

Available diffs

Superseded in precise-release on 2011-11-24
Published in oneiric-release on 2011-08-20
lighttpd (1.4.28-2ubuntu2) oneiric; urgency=low

  * No-change rebuild for openssl0.9.8 -> openssl1.0.0 transition.
 -- Ilya Barygin <email address hidden>   Sun, 21 Aug 2011 00:26:14 +0400

Available diffs

Superseded in oneiric-release on 2011-08-20
Obsolete in natty-release on 2013-06-04
lighttpd (1.4.28-2ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes:
    - debian/control:
      + libgamin-dev rather than libfam-dev to fix startup warning.
      + debhelper Build-depends bumped to (>= 7.0.50) for
        overrides in rules file.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules:
      + Add override_dh_installinit to set "defaults 91 09" to not start
        before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4 (LP: #551211)

Superseded in natty-release on 2010-11-21
lighttpd (1.4.28-1ubuntu1) natty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/control:
      + libgamin-dev rather than libfam-dev to fix startup warning.
      + debhelper Build-depends bumped to (>= 7.0.50) for
        overrides in rules file.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules:
      + Add override_dh_installinit to set "defaults 91 09" to not start
        before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4 (LP: #551211)
  * debian/patches/build-dev-package.patch: updated
  * Dropped changes:
    - debian/lighttpd.init: clean environment; Check syntax during start/reload:
      this change has been applied in the debian package
    - syntax_check function defined in init script. (LP: #600767): this change
      has been applied in the debian package
    - debian/patches/build-dev-package.patch: Updated: patch updated newly

Superseded in natty-release on 2010-10-16
Obsolete in maverick-release on 2013-03-05
lighttpd (1.4.26-3ubuntu2) maverick; urgency=low

  * syntax_check function defined in init script. (LP: #600767)
 -- David Sugar <email address hidden>   Thu, 15 Jul 2010 17:50:35 +0000

Available diffs

Superseded in maverick-release on 2010-07-15
lighttpd (1.4.26-3ubuntu1) maverick; urgency=low

  * Merge from debian unstable (LP: #599010), remaining changes:
    - debian/control:
      + libgamin-dev rather than libfam-dev to fix startup warning.
      + debhelper Build-depends bumped to (>= 7.0.50) for
        overrides in rules file.
    - debian/lighttpd.init: clean environment; Check syntax during start/reload
      restart/force-reload.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
    - debian/rules:
      + Add override_dh_installinit to set "defaults 91 09" to not start
        before apache2 but in the same runlevel with the same priority.
    - debian/patches/build-dev-package.patch: Updated
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4 (LP: #551211)

Superseded in maverick-release on 2010-06-27
Published in lucid-release on 2010-04-06
lighttpd (1.4.26-1.1ubuntu3) lucid; urgency=low

  * debian/control: Rebuild for libmysqlclient transition.
 -- Chuck Short <email address hidden>   Tue, 06 Apr 2010 06:12:07 -0400
Superseded in lucid-release on 2010-04-06
lighttpd (1.4.26-1.1ubuntu2) lucid; urgency=low

  * debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
    failure to bind port in ipv4 (LP: #551211)
 -- Andres Rodriguez <email address hidden>   Sat, 03 Apr 2010 15:37:37 -0400
Superseded in lucid-release on 2010-04-03
lighttpd (1.4.26-1.1ubuntu1) lucid; urgency=low

  * Merge from debian unstable (LP: #407722).  Remaining changes:
    - debian/control: libgamin-dev rather than libfam-dev to fix startup
      warning.
    - debian/init.d: clean environment; Check syntax during start/reload
      restart/force-reload.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
  * debian/control: debhelper Build-depends bumped to (>= 7.0.50) for
    overrides in rules file.
  * debian/rules:
    - Add override_dh_installinit to set "defaults 91 09" to not start
      before apache2 but in the same runlevel with the same priority.
  * debian/patches/build-dev-package.patch: Updated
  * Also closes: (LP: #521659, LP: #523682)

Superseded in lucid-release on 2010-03-27
Obsolete in karmic-release on 2013-03-04
lighttpd (1.4.22-1ubuntu4) karmic; urgency=low

  * Fix FTBFS, replaced automake with automake1.10 on Build-Depends
    (LP #447672)

 -- Joao Pinto <email address hidden>   Sat, 10 Oct 2009 00:08:19 +0000

Available diffs

Superseded in karmic-release on 2009-10-10
lighttpd (1.4.22-1ubuntu3) karmic; urgency=low

  * debian/lighttpd.logrotate: check if lighttpd is running, before
    calling reload, which would start the daemon if it is not running
    currently (LP: #393792)

 -- Daniel Hahler <email address hidden>   Fri, 03 Jul 2009 01:05:29 +0200

Available diffs

Superseded in karmic-release on 2009-07-03
lighttpd (1.4.22-1ubuntu2) karmic; urgency=low

  * Introduce patches to introduce a -dev package for lighttpd. Closes
    (LP: #326899). Should merge seamlessly in the future.

  [ Andreas Moog ]
  * debian/control
    - add lighttpd-dev package
  * debian/patches
    - add build-dev-package.patch to include pkg-config files for lighttpd
  * debian/
    - add lighttpd-dev.install

  [ Morten Kjeldgaard ]
  * debian/rules: add DEB_AUTO_UPDATE_* variables to ensure autotool
    files get updated with our patches.
  * Minor cleanups and update Andreas' patches to version 1.4.22.

 -- Morten Kjeldgaard <email address hidden>   Thu, 18 Jun 2009 14:57:10 +0200
Superseded in karmic-release on 2009-06-18
lighttpd (1.4.22-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable (LP: #384367), remaining changes:
    - debian/control: Depend on lsb (>= 3.2-14), which has the status_of_proc()
      function; libgamin-dev rather than libfam-dev to fix startup warning.
    - debian/init.d: Add the 'status' action, clean environment; Check syntax
      during start/reload/restart/force-reload.
    - debian/rules: set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start
      lighty before apache2 but in the same runlevel with the same priority;
      Make sure that upgrades succeed, even if we can't restart lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
  * debian/patches/fix-conf-doc.patch: Update headers to match package version

Available diffs

Published in hardy-updates on 2009-03-21
Published in hardy-security on 2009-03-20
lighttpd (1.4.19-0ubuntu3.1) hardy-security; urgency=low

  * SECURITY UPDATE: (LP: #279490)
   + debian/patches/93_CVE-2008-4298.dpatch
    - Fix memory leak in request header handling
   + debian/patches/95_CVE-2008-4360.dpatch
    - Fix mod_userdir information disclosure
  * References
   + https://bugs.launchpad.net/bugs/cve/2008-4298
   + https://bugs.launchpad.net/bugs/cve/2008-4360

 -- Marcin Gibula <email address hidden>   Wed, 04 Mar 2009 13:42:05 +0100
Superseded in karmic-release on 2009-06-09
Obsolete in jaunty-release on 2013-02-28
lighttpd (1.4.19-5ubuntu7) jaunty; urgency=low

  * debian/index.html: do not point to edge.launchpad.net
    (LP: #302845)
  * Fix documentation reference to virtual hosting by referring
    to mod_simple_vhost (LP: #247271)
    - debian/patches/fix-conf-doc.patch

 -- Daniel Hahler <email address hidden>   Tue, 17 Mar 2009 22:36:05 +0100

Available diffs

Superseded in jaunty-release on 2009-03-17
lighttpd (1.4.19-5ubuntu6) jaunty; urgency=low

  * Finally provide what ~ubuntu3 should have been already, fixing
    another shell script error (LP: #329595)

 -- Daniel Hahler <email address hidden>   Mon, 16 Feb 2009 20:37:19 +0100

Available diffs

Superseded in jaunty-release on 2009-02-16
lighttpd (1.4.19-5ubuntu5) jaunty; urgency=low

  * Fix bashism in init.d (LP: #329595)

 -- Daniel Hahler <email address hidden>   Sun, 15 Feb 2009 23:53:19 +0100

Available diffs

Superseded in jaunty-release on 2009-02-15
lighttpd (1.4.19-5ubuntu4) jaunty; urgency=low

  * Remove check-syntax-on-startup from debian/patches/series because there is
    not a patch with this name (changes in the last revision were all inside
    the debian dir)

 -- Scott Kitterman <email address hidden>   Sat, 14 Feb 2009 19:07:20 -0500

Available diffs

Superseded in jaunty-release on 2009-02-15
lighttpd (1.4.19-5ubuntu3) jaunty; urgency=low

  * init.d: check sytax during start/reload/restart/force-reload.
    Patch provided by Nic Ferrier. (LP: #286887)

 -- Daniel Hahler <email address hidden>   Sat, 14 Feb 2009 22:18:35 +0100

Available diffs

Superseded in jaunty-release on 2009-02-14
lighttpd (1.4.19-5ubuntu2) jaunty; urgency=low

  * Added a UFW profile set. (LP: #317994)
    - debian/lighttpd.dirs: added etc/ufw/applications.d
    - debian/rules: install the ufw profile
    - debian/control: lighttpd: suggest ufw

 -- Jacob Peddicord <email address hidden>   Fri, 23 Jan 2009 19:43:51 -0500

Available diffs

Superseded in jaunty-release on 2009-01-26
lighttpd (1.4.19-5ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
   - debian/control: Depend on lsb >= 3.2-14, which has the
     status_of_proc() function; libgamin-dev rather than libfam-dev
     to fix startup warning
   - debian/init.d: Add the 'status' action, clean environment
   - debian/rules: set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not
     start lighty before apache2 but in the same runlevel with the same
     priority
   - debian/index.html: s/Debian/Ubuntu/g branding on the default page
   - debian/compat: standards version 3.7.3, bump compat to 6, adjusted
     build-dep of debhelper accordingly
  * Dropped changes
   - debian/lighttpd.install: all changes upstream now, order adjusted
     accordingly

Superseded in jaunty-release on 2008-11-23
Obsolete in intrepid-release on 2013-02-20
lighttpd (1.4.19-4ubuntu2) intrepid; urgency=low

  * debian/control: Depend on lsb >= 3.2-14, which has the
    status_of_proc() function.
  * debian/init.d: Add the 'status' action (LP: #251924).

 -- Andres Rodriguez <email address hidden>   Fri, 25 Jul 2008 11:47:48 -0500

Available diffs

Superseded in intrepid-release on 2008-07-29
lighttpd (1.4.19-4ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (LP: #233966), remaining changes:
    - debian/rules: (From Debian)
    - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
    - debian/conf-available/10-rrdtool: (From Debian)
      + Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
    - debian/lighttpd.install:
      + Install 10-rrdtool
    - debian/patches/ldap-deprecated.dpatch:
      + Force use of deprecated ldap interfaces (Closes: dbts 463368),
        thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
    - debian/rules: (LP: #174289)
      + set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
        apache2 but in the same runlevel with the same priority
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.

Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
lighttpd (1.4.18-1ubuntu1.4) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

 -- Emanuele Gentili <email address hidden>   Sun, 06 Apr 2008 03:39:14 +0200
Obsolete in edgy-updates on 2008-06-19
Obsolete in edgy-security on 2008-06-19
lighttpd (1.4.13~r1370-1ubuntu1.7) edgy-security; urgency=low

  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

 -- Emanuele Gentili <email address hidden>   Mon, 07 Apr 2008 19:45:59 +0200
Obsolete in feisty-updates on 2009-08-20
Obsolete in feisty-security on 2009-08-20
lighttpd (1.4.13-9ubuntu4.6) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/91_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

 -- Emanuele Gentili <email address hidden>   Sun, 06 Apr 2008 23:55:30 +0200
Superseded in intrepid-release on 2008-05-23
Published in hardy-release on 2008-04-06
lighttpd (1.4.19-0ubuntu3) hardy; urgency=low

  * SECURITY UPDATE: (LP: #209627)
   + debian/patches/92_CVE-2008-1531.dpatch
    - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
      of service (active SSL connection loss) by triggering an SSL error,
      such as disconnecting before a download has finished, which causes
      all active SSL connections to be lost.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
   + http://trac.lighttpd.net/trac/changeset/2136
   + http://trac.lighttpd.net/trac/changeset/2139

 -- Emanuele Gentili <email address hidden>   Sun, 06 Apr 2008 00:09:12 +0200
Superseded in hardy-release on 2008-04-06
lighttpd (1.4.19-0ubuntu2) hardy; urgency=low

  * debian/rules: (LP: #174289)
    - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before
      apache2 but in the same runlevel with the same priority

 -- Stephan Hermann <email address hidden>   Mon, 17 Mar 2008 16:50:10 +0100
Superseded in hardy-release on 2008-03-17
lighttpd (1.4.19-0ubuntu1) hardy; urgency=low

  * New upstream release (LP: #201439)
    For Changes please read the NEWS file
    All security patches we have in 1.4.18 of hardy are included now upstream
  * debian/patches/*: All changes introduced by this patches are now applied
    upstream
    - Dropped 90_CVE-2008-1111.dpatch
    - Dropped 91_CVE-2008-1270.dpatch
    - Dropped 90_maxfds_crash_fix.dpatch
    - Dropped 03_ldap_leak_bugfix.dpatch
    - Dropped 04_ldap_build_filter_fix.dpatch
    - Dropped 90_accept_ranges_fix.dpatch
  * debian/lighttpd.conf: (From Debian)
    -  Move the aliases on /doc/ and /images/ mandated by policy at the end to
       circumvent #445459.
  * debian/rules: (From Debian)
    - Remove spurious mkdir in debian/rules (Closes: dbts 448160).
  * debian/conf-available/10-rrdtool: (From Debian)
    - Add sample configuration for the mod_rrdtool (Closes: dbts 462907).
  * debian/lighttpd.install:
    - Install 10-rrdtool
  * debian/patches/ldap-deprecated.dpatch:
    - Force use of deprecated ldap interfaces (Closes: dbts 463368),
      thanks to Dann Frazier (patches/ldap-deprecated.dpatch).
  * Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep
    of debhelper accordingly

 -- Stephan Hermann <email address hidden>   Wed, 12 Mar 2008 15:52:09 +0100
Superseded in gutsy-updates on 2008-04-22
Superseded in gutsy-security on 2008-04-17
lighttpd (1.4.18-1ubuntu1.3) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

 -- Emanuele Gentili <email address hidden>   Tue, 11 Mar 2008 14:37:58 +0100
Superseded in edgy-updates on 2008-04-22
Superseded in edgy-security on 2008-04-17
lighttpd (1.4.13~r1370-1ubuntu1.6) edgy-security; urgency=low

  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

 -- Emanuele Gentili <email address hidden>   Tue, 11 Mar 2008 14:58:14 +0100
Superseded in feisty-updates on 2008-04-22
Superseded in feisty-security on 2008-04-17
lighttpd (1.4.13-9ubuntu4.5) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

 -- Emanuele Gentili <email address hidden>   Tue, 11 Mar 2008 14:51:11 +0100
Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
lighttpd (1.4.11-3ubuntu3.8) dapper-security; urgency=low

  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

 -- Emanuele Gentili <email address hidden>   Tue, 11 Mar 2008 15:03:17 +0100
Superseded in hardy-release on 2008-03-12
lighttpd (1.4.18-1ubuntu6) hardy; urgency=low

  * SECURITY UPDATE: (LP: #200987)
   + debian/patches/91_CVE-2008-1270.dpatch
    - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
      uses a default of $HOME, which might allow remote attackers to read arbitrary
      files, as demonstrated by accessing the ~nobody directory.
  * References
   + CVE-2008-1270
   + http://trac.lighttpd.net/trac/ticket/1587
   + http://trac.lighttpd.net/trac/changeset/2120

 -- Emanuele Gentili <email address hidden>   Tue, 11 Mar 2008 14:16:48 +0100
Superseded in gutsy-security on 2008-03-11
lighttpd (1.4.18-1ubuntu1.2) gutsy-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <email address hidden>   Wed, 05 Mar 2008 14:28:27 +0100
Superseded in edgy-security on 2008-03-11
lighttpd (1.4.13~r1370-1ubuntu1.5) edgy-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <email address hidden>   Wed, 05 Mar 2008 16:14:40 +0100
Superseded in feisty-security on 2008-03-11
lighttpd (1.4.13-9ubuntu4.4) feisty-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <email address hidden>   Wed, 05 Mar 2008 14:53:26 +0100
Superseded in dapper-security on 2008-03-11
lighttpd (1.4.11-3ubuntu3.7) dapper-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <email address hidden>   Wed, 05 Mar 2008 16:32:13 +0100
Superseded in hardy-release on 2008-03-11
lighttpd (1.4.18-1ubuntu5) hardy; urgency=low

  * debian/patches/90-CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
      code of CGI scripts instead of a 500 error, which might allow remote attackers
      to obtain sensitive information."
      Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107

 -- Stephan Hermann <email address hidden>   Wed, 05 Mar 2008 14:04:43 +0100
Superseded in hardy-release on 2008-03-05
lighttpd (1.4.18-1ubuntu4) hardy; urgency=low

  * debian/patches/90_accept_ranges_fix.dpatch:
    - Fixes a problem serving PDF files or other files who are in need of no
      Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541)
      (Patch: http://trac.lighttpd.net/trac/changeset/2090)
  * debian/index.html:
    - replaced all occurances of debian with ubuntu (LP: #115565)

 -- Stephan Hermann <email address hidden>   Mon, 03 Mar 2008 17:38:33 +0100
Superseded in gutsy-updates on 2008-03-26
Superseded in gutsy-security on 2008-03-07
lighttpd (1.4.18-1ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    +  http://trac.lighttpd.net/trac/ticket/1562

 -- Emanuele Gentili <email address hidden>   Mon, 25 Feb 2008 16:21:40 +0100
Superseded in edgy-updates on 2008-03-26
Superseded in edgy-security on 2008-03-07
lighttpd (1.4.13~r1370-1ubuntu1.4) edgy-security; urgency=low

  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    +  http://trac.lighttpd.net/trac/ticket/1562

 -- Emanuele Gentili <email address hidden>   Mon, 25 Feb 2008 16:46:33 +0100
Superseded in feisty-updates on 2008-03-26
Superseded in feisty-security on 2008-03-07
lighttpd (1.4.13-9ubuntu4.3) feisty-security; urgency=low

  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    +  http://trac.lighttpd.net/trac/ticket/1562

 -- Emanuele Gentili <email address hidden>   Mon, 25 Feb 2008 16:35:30 +0100
Superseded in dapper-updates on 2008-03-26
Superseded in dapper-security on 2008-03-07
lighttpd (1.4.11-3ubuntu3.6) dapper-security; urgency=low

  * SECURITY UPDATE:
    + debian/patches/90_maxfds_crash_fix.dpatch:
      - added patch from upstream to fix the maxfds issue (LP: #195380)
  * References
    +  http://trac.lighttpd.net/trac/ticket/1562

 -- Emanuele Gentili <email address hidden>   Mon, 25 Feb 2008 16:58:32 +0100
Superseded in hardy-release on 2008-03-03
lighttpd (1.4.18-1ubuntu3) hardy; urgency=low

  * debian/patches/90_maxfds_crash_fix.dpatch:
    - added patch from upstream to fix the maxfds issue
    - See: http://trac.lighttpd.net/trac/ticket/1562

 -- Stephan Hermann <email address hidden>   Mon, 25 Feb 2008 11:51:57 +0100
Superseded in hardy-release on 2008-02-25
lighttpd (1.4.18-1ubuntu2) hardy; urgency=low

  * Rebuild against libldap2.4-2

 -- Emmet Hikory <email address hidden>   Thu, 24 Jan 2008 22:02:20 +0900
Superseded in hardy-release on 2008-01-24
Obsolete in gutsy-release on 2011-09-16
lighttpd (1.4.18-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.

 -- Soren Hansen <email address hidden>   Wed, 12 Sep 2007 14:02:31 +0200
Superseded in edgy-updates on 2008-02-29
Superseded in edgy-security on 2008-02-27
lighttpd (1.4.13~r1370-1ubuntu1.3) edgy-security; urgency=low

  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers.  Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727

 -- Jamie Strandboge <email address hidden>   Sat, 10 Sep 2007 16:28:19 -0400
Superseded in feisty-updates on 2008-02-29
Superseded in feisty-security on 2008-02-27
lighttpd (1.4.13-9ubuntu4.2) feisty-security; urgency=low

  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers.  Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727

 -- Jamie Strandboge <email address hidden>   Sat, 10 Sep 2007 14:57:39 -0400
Superseded in dapper-updates on 2008-02-29
Superseded in dapper-security on 2008-02-27
lighttpd (1.4.11-3ubuntu3.5) dapper-security; urgency=low

  * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
    (backported from upstream 1.4.17)
  * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
    possible dereferencing a NULL pointer in buffer.c (both backported from
    upstream 1.4.17)
  * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
    improper handling of content length in HTTP headers.  Patch from upstream
  * References
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
    https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
    http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
    CVE-2007-4727

 -- Jamie Strandboge <email address hidden>   Sat, 08 Sep 2007 17:09:41 -0400
Superseded in gutsy-release on 2007-09-12
lighttpd (1.4.17-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Update maintainer field in debian/control.
    - Build against libgamin-dev rather than libfam-dev (fixes a warning
      during startup)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.

 -- Soren Hansen <email address hidden>   Wed, 05 Sep 2007 09:30:15 +0200
Superseded in gutsy-release on 2007-09-05
lighttpd (1.4.16-2ubuntu2) gutsy; urgency=low

  * Build against libgamin-dev rather than libfam-dev (fixes a warning during
    startup about mismatched sizes of a data type).

 -- Soren Hansen <email address hidden>   Thu, 23 Aug 2007 19:51:08 +0200
Superseded in edgy-security on 2007-09-11
lighttpd (1.4.13~r1370-1ubuntu1.2) edgy-security; urgency=low

  * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
    various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
    (LP:#127718)
  * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
    - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
  * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
    - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
  * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
    - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
  * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
    - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
      - Description: http://secunia.com/cve_reference/CVE-2007-3948/
      - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
  * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
    - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
      - Description: http://secunia.com/cve_reference/CVE-2007-3950/
      - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
  * References:
    - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
    - External references: http://secunia.com/advisories/26130/

 -- Aron Sisak <email address hidden>   Wed, 08 Aug 2007 12:53:07 +0200
Superseded in feisty-security on 2007-09-11
lighttpd (1.4.13-9ubuntu4.1) feisty-security; urgency=low

  * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
    various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
    (LP:#127718)
  * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
    - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
  * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
    - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
  * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
    - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
  * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
    - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
      - Description: http://secunia.com/cve_reference/CVE-2007-3948/
      - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
  * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
    - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
      - Description: http://secunia.com/cve_reference/CVE-2007-3950/
      - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
  * References:
    - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
    - External references: http://secunia.com/advisories/26130/

 -- Aron Sisak <email address hidden>   Wed, 08 Aug 2007 11:37:59 +0200
Superseded in dapper-security on 2007-09-11
lighttpd (1.4.11-3ubuntu3.4) dapper-security; urgency=low

  * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
    various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
    (LP:#127718)
  * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
    - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
  * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
    - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
        http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
  * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
    - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
      - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
      - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
  * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
    - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
      - Description: http://secunia.com/cve_reference/CVE-2007-3948/
      - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
  * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
    - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
      - Description: http://secunia.com/cve_reference/CVE-2007-3950/
      - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
  * References:
    - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
    - External references: http://secunia.com/advisories/26130/

 -- Aron Sisak <email address hidden>   Wed, 08 Aug 2007 22:32:43 +0200
Superseded in gutsy-release on 2007-08-23
lighttpd (1.4.16-2ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes: (LP: #131224)
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
    - Update maintainer field in debian/control.

 -- Michele Angrisano <email address hidden>   Wed, 08 Aug 2007 13:24:21 +0200
Superseded in dapper-updates on 2007-10-12
lighttpd (1.4.11-3ubuntu3.3) dapper-updates; urgency=low

  * Push SRU to dapper-updates

 -- Scott Kitterman <email address hidden>   Sat, 04 Aug 2007 16:14:27 -0400
Superseded in gutsy-release on 2007-08-09
lighttpd (1.4.16-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Add fam/gamin stat cache engine support.
    - Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
    - Update maintainer field in debian/control.

Superseded in gutsy-release on 2007-07-29
lighttpd (1.4.15-1.1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Add fam/gamin stat cache engine support.
    - Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
    - Make sure that upgrades succeed, even if we can't restart lighttpd.
    - Clean environment in init.d script.
    - Update maintainer field in debian/control.

Deleted in dapper-proposed on 2008-02-01 (Reason: moved to -updates)
lighttpd (1.4.11-3ubuntu3.2) dapper-proposed; urgency=low

  * Added relevant security fix from 1.4.14 (Closes LP: #107628)
    - DOS with files with mtime 0 (CVE-2007-1870)
       security_zero_mtime_crash

 -- Scott Kitterman <email address hidden>   Tue, 24 Apr 2007 12:04:01 -0400
Superseded in gutsy-release on 2007-07-21
lighttpd (1.4.15-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable. Remaining Ubuntu changes:
    - Add fam/gamin stat cache engine support
    - Clean environment in init.d script
    - Replace Depends: on perl with Depends: on libterm-readline-perl-perl
    - Make sure that upgrades succeed, even if we can't restart lighttpd
    - DebianMaintainerField update

Superseded in edgy-security on 2007-08-09
lighttpd (1.4.13~r1370-1ubuntu1.1) edgy-security; urgency=low

  * Added security fixes from 1.4.14 (Closes LP: #107628)
    - Remote DOS in CRLF parsing (CVE-2007-1869)
       debian/patches/04_security_crlf_parsing_dos.dpatch
    - DOS with files with mtime 0 (CVE-2007-1870)
       debian/patches/05_security_zero_mtime_crash.dpatch
  * Change maintainer to MOTU

 -- Scott Kitterman <email address hidden>   Mon, 23 Apr 2007 17:03:01 -0400
Superseded in dapper-security on 2007-08-09
lighttpd (1.4.11-3ubuntu3.0.1) dapper-security; urgency=low

  * Added relevant security fix from 1.4.14 (Closes LP: #107628)
    - DOS with files with mtime 0 (CVE-2007-1870)
       security_zero_mtime_crash
  * Change maintainer to MOTU

 -- Scott Kitterman <email address hidden>   Tue, 24 Apr 2007 10:30:01 -0400
Superseded in gutsy-release on 2007-05-01
Obsolete in feisty-release on 2009-08-20
lighttpd (1.4.13-9ubuntu4) feisty; urgency=low

  * Added LDAP connection leak fix from Debian (Bug: #413917)
    - debian/patches/03_ldap_leak_bugfix.dpatch
  * Added security fixes from 1.4.14 (Closes LP: #106416)
    - Remote DOS in CRLF parsing (CVE-2007-1869)
       debian/patches/04_security_crlf_parsing_dos.dpatch
    - DOS with files with mtime 0 (CVE-2007-1870)
       debian/patches/05_security_zero_mtime_crash.dpatch

 -- Lukas Fittl <email address hidden>   Sat, 14 Apr 2007 05:26:10 +0200
175 of 95 results