Change log for lighttpd package in Ubuntu
76 → 146 of 146 results | First • Previous • Next • Last |
lighttpd (1.4.19-0ubuntu3.1) hardy-security; urgency=low * SECURITY UPDATE: (LP: #279490) + debian/patches/93_CVE-2008-4298.dpatch - Fix memory leak in request header handling + debian/patches/95_CVE-2008-4360.dpatch - Fix mod_userdir information disclosure * References + https://bugs.launchpad.net/bugs/cve/2008-4298 + https://bugs.launchpad.net/bugs/cve/2008-4360 -- Marcin Gibula <email address hidden> Wed, 04 Mar 2009 13:42:05 +0100
Available diffs
lighttpd (1.4.19-5ubuntu7) jaunty; urgency=low * debian/index.html: do not point to edge.launchpad.net (LP: #302845) * Fix documentation reference to virtual hosting by referring to mod_simple_vhost (LP: #247271) - debian/patches/fix-conf-doc.patch -- Daniel Hahler <email address hidden> Tue, 17 Mar 2009 22:36:05 +0100
Available diffs
- diff from 1.4.19-5ubuntu6 to 1.4.19-5ubuntu7 (980 bytes)
Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu6) jaunty; urgency=low * Finally provide what ~ubuntu3 should have been already, fixing another shell script error (LP: #329595) -- Daniel Hahler <email address hidden> Mon, 16 Feb 2009 20:37:19 +0100
Available diffs
- diff from 1.4.19-5ubuntu5 to 1.4.19-5ubuntu6 (444 bytes)
Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu5) jaunty; urgency=low * Fix bashism in init.d (LP: #329595) -- Daniel Hahler <email address hidden> Sun, 15 Feb 2009 23:53:19 +0100
Available diffs
- diff from 1.4.19-5ubuntu4 to 1.4.19-5ubuntu5 (430 bytes)
Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu4) jaunty; urgency=low * Remove check-syntax-on-startup from debian/patches/series because there is not a patch with this name (changes in the last revision were all inside the debian dir) -- Scott Kitterman <email address hidden> Sat, 14 Feb 2009 19:07:20 -0500
Available diffs
- diff from 1.4.19-5ubuntu3 to 1.4.19-5ubuntu4 (467 bytes)
Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu3) jaunty; urgency=low * init.d: check sytax during start/reload/restart/force-reload. Patch provided by Nic Ferrier. (LP: #286887) -- Daniel Hahler <email address hidden> Sat, 14 Feb 2009 22:18:35 +0100
Available diffs
- diff from 1.4.19-5ubuntu2 to 1.4.19-5ubuntu3 (800 bytes)
Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu2) jaunty; urgency=low * Added a UFW profile set. (LP: #317994) - debian/lighttpd.dirs: added etc/ufw/applications.d - debian/rules: install the ufw profile - debian/control: lighttpd: suggest ufw -- Jacob Peddicord <email address hidden> Fri, 23 Jan 2009 19:43:51 -0500
Available diffs
- diff from 1.4.19-5ubuntu1 to 1.4.19-5ubuntu2 (853 bytes)
Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/control: Depend on lsb >= 3.2-14, which has the status_of_proc() function; libgamin-dev rather than libfam-dev to fix startup warning - debian/init.d: Add the 'status' action, clean environment - debian/rules: set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before apache2 but in the same runlevel with the same priority - debian/index.html: s/Debian/Ubuntu/g branding on the default page - debian/compat: standards version 3.7.3, bump compat to 6, adjusted build-dep of debhelper accordingly * Dropped changes - debian/lighttpd.install: all changes upstream now, order adjusted accordingly
Available diffs
lighttpd (1.4.19-4ubuntu2) intrepid; urgency=low * debian/control: Depend on lsb >= 3.2-14, which has the status_of_proc() function. * debian/init.d: Add the 'status' action (LP: #251924). -- Andres Rodriguez <email address hidden> Fri, 25 Jul 2008 11:47:48 -0500
Available diffs
- diff from 1.4.19-4ubuntu1 to 1.4.19-4ubuntu2 (780 bytes)
Superseded in intrepid-release |
lighttpd (1.4.19-4ubuntu1) intrepid; urgency=low * Merge from debian unstable (LP: #233966), remaining changes: - debian/rules: (From Debian) - Remove spurious mkdir in debian/rules (Closes: dbts 448160). - debian/conf-available/10-rrdtool: (From Debian) + Add sample configuration for the mod_rrdtool (Closes: dbts 462907). - debian/lighttpd.install: + Install 10-rrdtool - debian/patches/ldap-deprecated.dpatch: + Force use of deprecated ldap interfaces (Closes: dbts 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). - debian/rules: (LP: #174289) + set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before apache2 but in the same runlevel with the same priority - Build against libgamin-dev rather than libfam-dev (fixes a warning during startup) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script.
lighttpd (1.4.18-1ubuntu1.4) gutsy-security; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 03:39:14 +0200
lighttpd (1.4.13~r1370-1ubuntu1.7) edgy-security; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Mon, 07 Apr 2008 19:45:59 +0200
lighttpd (1.4.13-9ubuntu4.6) feisty-security; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 23:55:30 +0200
lighttpd (1.4.19-0ubuntu3) hardy; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/92_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 00:09:12 +0200
Superseded in hardy-release |
lighttpd (1.4.19-0ubuntu2) hardy; urgency=low * debian/rules: (LP: #174289) - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before apache2 but in the same runlevel with the same priority -- Stephan Hermann <email address hidden> Mon, 17 Mar 2008 16:50:10 +0100
Superseded in hardy-release |
lighttpd (1.4.19-0ubuntu1) hardy; urgency=low * New upstream release (LP: #201439) For Changes please read the NEWS file All security patches we have in 1.4.18 of hardy are included now upstream * debian/patches/*: All changes introduced by this patches are now applied upstream - Dropped 90_CVE-2008-1111.dpatch - Dropped 91_CVE-2008-1270.dpatch - Dropped 90_maxfds_crash_fix.dpatch - Dropped 03_ldap_leak_bugfix.dpatch - Dropped 04_ldap_build_filter_fix.dpatch - Dropped 90_accept_ranges_fix.dpatch * debian/lighttpd.conf: (From Debian) - Move the aliases on /doc/ and /images/ mandated by policy at the end to circumvent #445459. * debian/rules: (From Debian) - Remove spurious mkdir in debian/rules (Closes: dbts 448160). * debian/conf-available/10-rrdtool: (From Debian) - Add sample configuration for the mod_rrdtool (Closes: dbts 462907). * debian/lighttpd.install: - Install 10-rrdtool * debian/patches/ldap-deprecated.dpatch: - Force use of deprecated ldap interfaces (Closes: dbts 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). * Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep of debhelper accordingly -- Stephan Hermann <email address hidden> Wed, 12 Mar 2008 15:52:09 +0100
lighttpd (1.4.18-1ubuntu1.3) gutsy-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:37:58 +0100
lighttpd (1.4.13~r1370-1ubuntu1.6) edgy-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:58:14 +0100
lighttpd (1.4.13-9ubuntu4.5) feisty-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:51:11 +0100
lighttpd (1.4.11-3ubuntu3.8) dapper-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 15:03:17 +0100
Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu6) hardy; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:16:48 +0100
Superseded in gutsy-security |
lighttpd (1.4.18-1ubuntu1.2) gutsy-security; urgency=low * SECURITY UPDATE: + debian/patches/91_CVE-2008-1111.dpatch: - Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731) * References + http://trac.lighttpd.net/trac/changeset/2107 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111 -- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:28:27 +0100
Superseded in edgy-security |
lighttpd (1.4.13~r1370-1ubuntu1.5) edgy-security; urgency=low * SECURITY UPDATE: + debian/patches/91_CVE-2008-1111.dpatch: - Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731) * References + http://trac.lighttpd.net/trac/changeset/2107 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111 -- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 16:14:40 +0100
Superseded in feisty-security |
lighttpd (1.4.13-9ubuntu4.4) feisty-security; urgency=low * SECURITY UPDATE: + debian/patches/91_CVE-2008-1111.dpatch: - Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731) * References + http://trac.lighttpd.net/trac/changeset/2107 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111 -- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:53:26 +0100
Superseded in dapper-security |
lighttpd (1.4.11-3ubuntu3.7) dapper-security; urgency=low * SECURITY UPDATE: + debian/patches/91_CVE-2008-1111.dpatch: - Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731) * References + http://trac.lighttpd.net/trac/changeset/2107 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111 -- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 16:32:13 +0100
Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu5) hardy; urgency=low * debian/patches/90-CVE-2008-1111.dpatch: - Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107 -- Stephan Hermann <email address hidden> Wed, 05 Mar 2008 14:04:43 +0100
Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu4) hardy; urgency=low * debian/patches/90_accept_ranges_fix.dpatch: - Fixes a problem serving PDF files or other files who are in need of no Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541) (Patch: http://trac.lighttpd.net/trac/changeset/2090) * debian/index.html: - replaced all occurances of debian with ubuntu (LP: #115565) -- Stephan Hermann <email address hidden> Mon, 03 Mar 2008 17:38:33 +0100
lighttpd (1.4.18-1ubuntu1.1) gutsy-security; urgency=low * SECURITY UPDATE: + debian/patches/90_maxfds_crash_fix.dpatch: - added patch from upstream to fix the maxfds issue (LP: #195380) * References + http://trac.lighttpd.net/trac/ticket/1562 -- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:21:40 +0100
lighttpd (1.4.13~r1370-1ubuntu1.4) edgy-security; urgency=low * SECURITY UPDATE: + debian/patches/90_maxfds_crash_fix.dpatch: - added patch from upstream to fix the maxfds issue (LP: #195380) * References + http://trac.lighttpd.net/trac/ticket/1562 -- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:46:33 +0100
lighttpd (1.4.13-9ubuntu4.3) feisty-security; urgency=low * SECURITY UPDATE: + debian/patches/90_maxfds_crash_fix.dpatch: - added patch from upstream to fix the maxfds issue (LP: #195380) * References + http://trac.lighttpd.net/trac/ticket/1562 -- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:35:30 +0100
lighttpd (1.4.11-3ubuntu3.6) dapper-security; urgency=low * SECURITY UPDATE: + debian/patches/90_maxfds_crash_fix.dpatch: - added patch from upstream to fix the maxfds issue (LP: #195380) * References + http://trac.lighttpd.net/trac/ticket/1562 -- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:58:32 +0100
Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu3) hardy; urgency=low * debian/patches/90_maxfds_crash_fix.dpatch: - added patch from upstream to fix the maxfds issue - See: http://trac.lighttpd.net/trac/ticket/1562 -- Stephan Hermann <email address hidden> Mon, 25 Feb 2008 11:51:57 +0100
Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu2) hardy; urgency=low * Rebuild against libldap2.4-2 -- Emmet Hikory <email address hidden> Thu, 24 Jan 2008 22:02:20 +0900
lighttpd (1.4.18-1ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: - Update maintainer field in debian/control. - Build against libgamin-dev rather than libfam-dev (fixes a warning during startup) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. -- Soren Hansen <email address hidden> Wed, 12 Sep 2007 14:02:31 +0200
lighttpd (1.4.13~r1370-1ubuntu1.3) edgy-security; urgency=low * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c (backported from upstream 1.4.17) * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes possible dereferencing a NULL pointer in buffer.c (both backported from upstream 1.4.17) * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to improper handling of content length in HTTP headers. Patch from upstream * References https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309 https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310 http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt CVE-2007-4727 -- Jamie Strandboge <email address hidden> Sat, 10 Sep 2007 16:28:19 -0400
lighttpd (1.4.13-9ubuntu4.2) feisty-security; urgency=low * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c (backported from upstream 1.4.17) * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes possible dereferencing a NULL pointer in buffer.c (both backported from upstream 1.4.17) * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to improper handling of content length in HTTP headers. Patch from upstream * References https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309 https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310 http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt CVE-2007-4727 -- Jamie Strandboge <email address hidden> Sat, 10 Sep 2007 14:57:39 -0400
lighttpd (1.4.11-3ubuntu3.5) dapper-security; urgency=low * SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c (backported from upstream 1.4.17) * SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes possible dereferencing a NULL pointer in buffer.c (both backported from upstream 1.4.17) * SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to improper handling of content length in HTTP headers. Patch from upstream * References https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309 https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310 http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt CVE-2007-4727 -- Jamie Strandboge <email address hidden> Sat, 08 Sep 2007 17:09:41 -0400
Superseded in gutsy-release |
lighttpd (1.4.17-1ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: - Update maintainer field in debian/control. - Build against libgamin-dev rather than libfam-dev (fixes a warning during startup) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. -- Soren Hansen <email address hidden> Wed, 05 Sep 2007 09:30:15 +0200
Superseded in gutsy-release |
lighttpd (1.4.16-2ubuntu2) gutsy; urgency=low * Build against libgamin-dev rather than libfam-dev (fixes a warning during startup about mismatched sizes of a data type). -- Soren Hansen <email address hidden> Thu, 23 Aug 2007 19:51:08 +0200
Superseded in edgy-security |
lighttpd (1.4.13~r1370-1ubuntu1.2) edgy-security; urgency=low * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping, various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug (LP:#127718) * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch: - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch: - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch: - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch: - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948) - Description: http://secunia.com/cve_reference/CVE-2007-3948/ - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950) - Description: http://secunia.com/cve_reference/CVE-2007-3950/ - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882 * References: - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it - External references: http://secunia.com/advisories/26130/ -- Aron Sisak <email address hidden> Wed, 08 Aug 2007 12:53:07 +0200
Superseded in feisty-security |
lighttpd (1.4.13-9ubuntu4.1) feisty-security; urgency=low * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping, various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug (LP:#127718) * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch: - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch: - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch: - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch: - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948) - Description: http://secunia.com/cve_reference/CVE-2007-3948/ - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950) - Description: http://secunia.com/cve_reference/CVE-2007-3950/ - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882 * References: - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it - External references: http://secunia.com/advisories/26130/ -- Aron Sisak <email address hidden> Wed, 08 Aug 2007 11:37:59 +0200
Superseded in dapper-security |
lighttpd (1.4.11-3ubuntu3.4) dapper-security; urgency=low * SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping, various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug (LP:#127718) * debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch: - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch * debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch: - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt, http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch * debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch: - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949) - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch * debian/patches/09_security_lighttpd-1.4.x_connections.dpatch: - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948) - Description: http://secunia.com/cve_reference/CVE-2007-3948/ - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 * debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950) - Description: http://secunia.com/cve_reference/CVE-2007-3950/ - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882 * References: - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it - External references: http://secunia.com/advisories/26130/ -- Aron Sisak <email address hidden> Wed, 08 Aug 2007 22:32:43 +0200
Superseded in gutsy-release |
lighttpd (1.4.16-2ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: (LP: #131224) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. - Update maintainer field in debian/control. -- Michele Angrisano <email address hidden> Wed, 08 Aug 2007 13:24:21 +0200
Superseded in dapper-updates |
lighttpd (1.4.11-3ubuntu3.3) dapper-updates; urgency=low * Push SRU to dapper-updates -- Scott Kitterman <email address hidden> Sat, 04 Aug 2007 16:14:27 -0400
Superseded in gutsy-release |
lighttpd (1.4.16-1ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: - Add fam/gamin stat cache engine support. - Replace Depends: on perl with Depends: on libterm-readline-perl-perl. - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. - Update maintainer field in debian/control.
Superseded in gutsy-release |
lighttpd (1.4.15-1.1ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: - Add fam/gamin stat cache engine support. - Replace Depends: on perl with Depends: on libterm-readline-perl-perl. - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. - Update maintainer field in debian/control.
Deleted in dapper-proposed (Reason: moved to -updates) |
lighttpd (1.4.11-3ubuntu3.2) dapper-proposed; urgency=low * Added relevant security fix from 1.4.14 (Closes LP: #107628) - DOS with files with mtime 0 (CVE-2007-1870) security_zero_mtime_crash -- Scott Kitterman <email address hidden> Tue, 24 Apr 2007 12:04:01 -0400
Superseded in gutsy-release |
lighttpd (1.4.15-1ubuntu1) gutsy; urgency=low * Merge from Debian unstable. Remaining Ubuntu changes: - Add fam/gamin stat cache engine support - Clean environment in init.d script - Replace Depends: on perl with Depends: on libterm-readline-perl-perl - Make sure that upgrades succeed, even if we can't restart lighttpd - DebianMaintainerField update
Superseded in edgy-security |
lighttpd (1.4.13~r1370-1ubuntu1.1) edgy-security; urgency=low * Added security fixes from 1.4.14 (Closes LP: #107628) - Remote DOS in CRLF parsing (CVE-2007-1869) debian/patches/04_security_crlf_parsing_dos.dpatch - DOS with files with mtime 0 (CVE-2007-1870) debian/patches/05_security_zero_mtime_crash.dpatch * Change maintainer to MOTU -- Scott Kitterman <email address hidden> Mon, 23 Apr 2007 17:03:01 -0400
Superseded in dapper-security |
lighttpd (1.4.11-3ubuntu3.0.1) dapper-security; urgency=low * Added relevant security fix from 1.4.14 (Closes LP: #107628) - DOS with files with mtime 0 (CVE-2007-1870) security_zero_mtime_crash * Change maintainer to MOTU -- Scott Kitterman <email address hidden> Tue, 24 Apr 2007 10:30:01 -0400
lighttpd (1.4.13-9ubuntu4) feisty; urgency=low * Added LDAP connection leak fix from Debian (Bug: #413917) - debian/patches/03_ldap_leak_bugfix.dpatch * Added security fixes from 1.4.14 (Closes LP: #106416) - Remote DOS in CRLF parsing (CVE-2007-1869) debian/patches/04_security_crlf_parsing_dos.dpatch - DOS with files with mtime 0 (CVE-2007-1870) debian/patches/05_security_zero_mtime_crash.dpatch -- Lukas Fittl <email address hidden> Sat, 14 Apr 2007 05:26:10 +0200
Superseded in feisty-release |
lighttpd (1.4.13-9ubuntu3) feisty; urgency=low * Make sure that upgrades succeed, even if we can't restart lighttpd (LP: #86882) -- Soren Hansen <email address hidden> Thu, 29 Mar 2007 01:10:06 +0200
Superseded in feisty-release |
lighttpd (1.4.13-9ubuntu2) feisty; urgency=low * Add fam/gamin stat cache engine support (Closes: LP#80818) -- Soren Hansen <email address hidden> Mon, 19 Feb 2007 13:09:19 +0100
Superseded in feisty-release |
lighttpd (1.4.13-9ubuntu1) feisty; urgency=low * Merge from Debian unstable. Remaining Ubuntu changes: - Clean environment in init.d script - Replace Depends: on perl with Depends: on libterm-readline-perl-perl
Superseded in feisty-release |
lighttpd (1.4.13-7ubuntu1) feisty; urgency=low * Merge from debian unstable, remaining changes: - Clean environment in init.d script - Replace Depends: on perl with Depends: on libterm-readline-perl-perl
Superseded in feisty-release |
lighttpd (1.4.13-6ubuntu3) feisty; urgency=low * Fix typo in init-script -- Soren Hansen <email address hidden> Wed, 13 Dec 2006 11:52:54 +0100
Superseded in feisty-release |
lighttpd (1.4.13-6ubuntu2) feisty; urgency=low * Clean the environment before starting. Fixes: LP#53840 -- Soren Hansen <email address hidden> Sun, 10 Dec 2006 16:18:55 +0100
Superseded in feisty-release |
lighttpd (1.4.13-6ubuntu1) feisty; urgency=low * Merge from debian unstable, remaining changes: - Replace Depends: on perl with Depends: on libterm-readline-perl-perl
Superseded in dapper-proposed |
lighttpd (1.4.11-3ubuntu3.1) dapper-proposed; urgency=low * debian/init.d: Update to current Debian script (Closes: Malone #59269, Malone #68401) -- Lukas Fittl <email address hidden> Sat, 4 Nov 2006 15:57:26 +0100
lighttpd (1.4.13~r1370-1ubuntu1) edgy; urgency=low * Merge from Debian unstable (Closes: Malone #64900). Remaining changes: - Add an additional dependency on libterm-readline-perl-perl (Malone #43895)
Superseded in edgy-release |
lighttpd (1.4.12~20060907-1ubuntu1) edgy; urgency=low * Merge from debian unstable: -> Keep the additional dependency on libterm-readline-perl-perl.
Superseded in edgy-release |
lighttpd (1.4.11-7ubuntu1) edgy; urgency=low * Merge from debian unstable: -> Restore B-D on libmemcache-dev. -> Keep the additional dependency on libterm-readline-perl-perl. * debian/patches: -> Add 02_mod_ssl_post_fix.dpatch: fix a stall with POST requests between 8317 and 16381 bytes long when mod_ssl is enabled.
lighttpd (1.4.11-3ubuntu3) dapper; urgency=low * debian/control + Added depends on libterm-readline-perl-perl. (Closes: Malone #43895) -- Chuck Short <email address hidden> Wed, 10 May 2006 18:11:24 -0400
Superseded in dapper-release |
lighttpd (1.4.11-3ubuntu2) dapper; urgency=low * Rebuild against the new libmysqlclient15off with correct symbols. -- Adam Conrad <email address hidden> Thu, 6 Apr 2006 15:10:02 +1000
Superseded in dapper-release |
lighttpd (1.4.11-3ubuntu1) dapper; urgency=low * Sync with Debian: + Removed B-D on libmemcache-dev as we don't have it in dapper, needs to be re-enabled for dapper+1
Superseded in dapper-release |
lighttpd (1.4.11-1ubuntu1) dapper; urgency=low * Sync with Debian * UVF exception: https://launchpad.net/distros/ubuntu/+source/lighttpd/+bug/35353 * Removed B-D on libmemcache-dev as we don't have it in dapper, needs to be re-enabled for dapper+1
lighttpd (1.4.9-1) unstable; urgency=low * New upstream release * Closing bug from not uploaded release 1.4.8-5, (closes: #347737) -- Krzysztof Krzyzaniak (eloy) <email address hidden> Mon, 16 Jan 2006 20:06:39 +0100
lighttpd (1.4.8-4) unstable; urgency=low * fixed permissions and directories (closes: #347565) -- Krzysztof Krzyzaniak (eloy) <email address hidden> Wed, 11 Jan 2006 17:15:12 +0100
lighttpd (1.4.8-3) unstable; urgency=low * New configuration layout (closes: #345554) (closes: #344959), read /etc/lighttpd/conf-available/README - conf-available directory for all templates - conf-enabled directory for enabled modules -- Krzysztof Krzyzaniak (eloy) <email address hidden> Mon, 9 Jan 2006 13:49:34 +0100
lighttpd (1.4.8-2) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/control: lsb-base dependency narrowed to (>= 3.0-3) * create-mime.assign.pl set as executable (closes: #344938) -- Krzysztof Krzyzaniak (eloy) <email address hidden> Wed, 28 Dec 2005 12:40:55 +0100
lighttpd (1.4.8-1) unstable; urgency=low * New upstream version (closes: #304271) * Does not rely on $SHELL to execute external commands -- Torsten Marek <email address hidden> Sat, 26 Nov 2005 11:48:51 +0100
76 → 146 of 146 results | First • Previous • Next • Last |