Change log for lighttpd package in Ubuntu
| 76 → 146 of 146 results | First • Previous • Next • Last |
lighttpd (1.4.19-0ubuntu3.1) hardy-security; urgency=low * SECURITY UPDATE: (LP: #279490) + debian/patches/93_CVE-2008-4298.dpatch - Fix memory leak in request header handling + debian/patches/95_CVE-2008-4360.dpatch - Fix mod_userdir information disclosure * References + https://bugs.launchpad.net/bugs/cve/2008-4298 + https://bugs.launchpad.net/bugs/cve/2008-4360 -- Marcin Gibula <email address hidden> Wed, 04 Mar 2009 13:42:05 +0100
Available diffs
lighttpd (1.4.19-5ubuntu7) jaunty; urgency=low
* debian/index.html: do not point to edge.launchpad.net
(LP: #302845)
* Fix documentation reference to virtual hosting by referring
to mod_simple_vhost (LP: #247271)
- debian/patches/fix-conf-doc.patch
-- Daniel Hahler <email address hidden> Tue, 17 Mar 2009 22:36:05 +0100
Available diffs
- diff from 1.4.19-5ubuntu6 to 1.4.19-5ubuntu7 (980 bytes)
| Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu6) jaunty; urgency=low
* Finally provide what ~ubuntu3 should have been already, fixing
another shell script error (LP: #329595)
-- Daniel Hahler <email address hidden> Mon, 16 Feb 2009 20:37:19 +0100
Available diffs
- diff from 1.4.19-5ubuntu5 to 1.4.19-5ubuntu6 (444 bytes)
| Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu5) jaunty; urgency=low * Fix bashism in init.d (LP: #329595) -- Daniel Hahler <email address hidden> Sun, 15 Feb 2009 23:53:19 +0100
Available diffs
- diff from 1.4.19-5ubuntu4 to 1.4.19-5ubuntu5 (430 bytes)
| Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu4) jaunty; urgency=low
* Remove check-syntax-on-startup from debian/patches/series because there is
not a patch with this name (changes in the last revision were all inside
the debian dir)
-- Scott Kitterman <email address hidden> Sat, 14 Feb 2009 19:07:20 -0500
Available diffs
- diff from 1.4.19-5ubuntu3 to 1.4.19-5ubuntu4 (467 bytes)
| Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu3) jaunty; urgency=low
* init.d: check sytax during start/reload/restart/force-reload.
Patch provided by Nic Ferrier. (LP: #286887)
-- Daniel Hahler <email address hidden> Sat, 14 Feb 2009 22:18:35 +0100
Available diffs
- diff from 1.4.19-5ubuntu2 to 1.4.19-5ubuntu3 (800 bytes)
| Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu2) jaunty; urgency=low * Added a UFW profile set. (LP: #317994) - debian/lighttpd.dirs: added etc/ufw/applications.d - debian/rules: install the ufw profile - debian/control: lighttpd: suggest ufw -- Jacob Peddicord <email address hidden> Fri, 23 Jan 2009 19:43:51 -0500
Available diffs
- diff from 1.4.19-5ubuntu1 to 1.4.19-5ubuntu2 (853 bytes)
| Superseded in jaunty-release |
lighttpd (1.4.19-5ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Depend on lsb >= 3.2-14, which has the
status_of_proc() function; libgamin-dev rather than libfam-dev
to fix startup warning
- debian/init.d: Add the 'status' action, clean environment
- debian/rules: set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not
start lighty before apache2 but in the same runlevel with the same
priority
- debian/index.html: s/Debian/Ubuntu/g branding on the default page
- debian/compat: standards version 3.7.3, bump compat to 6, adjusted
build-dep of debhelper accordingly
* Dropped changes
- debian/lighttpd.install: all changes upstream now, order adjusted
accordingly
Available diffs
lighttpd (1.4.19-4ubuntu2) intrepid; urgency=low
* debian/control: Depend on lsb >= 3.2-14, which has the
status_of_proc() function.
* debian/init.d: Add the 'status' action (LP: #251924).
-- Andres Rodriguez <email address hidden> Fri, 25 Jul 2008 11:47:48 -0500
Available diffs
- diff from 1.4.19-4ubuntu1 to 1.4.19-4ubuntu2 (780 bytes)
| Superseded in intrepid-release |
lighttpd (1.4.19-4ubuntu1) intrepid; urgency=low * Merge from debian unstable (LP: #233966), remaining changes: - debian/rules: (From Debian) - Remove spurious mkdir in debian/rules (Closes: dbts 448160). - debian/conf-available/10-rrdtool: (From Debian) + Add sample configuration for the mod_rrdtool (Closes: dbts 462907). - debian/lighttpd.install: + Install 10-rrdtool - debian/patches/ldap-deprecated.dpatch: + Force use of deprecated ldap interfaces (Closes: dbts 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). - debian/rules: (LP: #174289) + set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before apache2 but in the same runlevel with the same priority - Build against libgamin-dev rather than libfam-dev (fixes a warning during startup) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script.
lighttpd (1.4.18-1ubuntu1.4) gutsy-security; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 03:39:14 +0200
lighttpd (1.4.13~r1370-1ubuntu1.7) edgy-security; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Mon, 07 Apr 2008 19:45:59 +0200
lighttpd (1.4.13-9ubuntu4.6) feisty-security; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 23:55:30 +0200
lighttpd (1.4.19-0ubuntu3) hardy; urgency=low * SECURITY UPDATE: (LP: #209627) + debian/patches/92_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139 -- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 00:09:12 +0200
| Superseded in hardy-release |
lighttpd (1.4.19-0ubuntu2) hardy; urgency=low * debian/rules: (LP: #174289) - set DEB_UPDATE_RCD_PARAMS to "defaults 91 09" to not start lighty before apache2 but in the same runlevel with the same priority -- Stephan Hermann <email address hidden> Mon, 17 Mar 2008 16:50:10 +0100
| Superseded in hardy-release |
lighttpd (1.4.19-0ubuntu1) hardy; urgency=low * New upstream release (LP: #201439) For Changes please read the NEWS file All security patches we have in 1.4.18 of hardy are included now upstream * debian/patches/*: All changes introduced by this patches are now applied upstream - Dropped 90_CVE-2008-1111.dpatch - Dropped 91_CVE-2008-1270.dpatch - Dropped 90_maxfds_crash_fix.dpatch - Dropped 03_ldap_leak_bugfix.dpatch - Dropped 04_ldap_build_filter_fix.dpatch - Dropped 90_accept_ranges_fix.dpatch * debian/lighttpd.conf: (From Debian) - Move the aliases on /doc/ and /images/ mandated by policy at the end to circumvent #445459. * debian/rules: (From Debian) - Remove spurious mkdir in debian/rules (Closes: dbts 448160). * debian/conf-available/10-rrdtool: (From Debian) - Add sample configuration for the mod_rrdtool (Closes: dbts 462907). * debian/lighttpd.install: - Install 10-rrdtool * debian/patches/ldap-deprecated.dpatch: - Force use of deprecated ldap interfaces (Closes: dbts 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). * Bumped Standards Version to 3.7.3, Bumbed Compat to 6, adjusted build-dep of debhelper accordingly -- Stephan Hermann <email address hidden> Wed, 12 Mar 2008 15:52:09 +0100
lighttpd (1.4.18-1ubuntu1.3) gutsy-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:37:58 +0100
lighttpd (1.4.13~r1370-1ubuntu1.6) edgy-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:58:14 +0100
lighttpd (1.4.13-9ubuntu4.5) feisty-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:51:11 +0100
lighttpd (1.4.11-3ubuntu3.8) dapper-security; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 15:03:17 +0100
| Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu6) hardy; urgency=low * SECURITY UPDATE: (LP: #200987) + debian/patches/91_CVE-2008-1270.dpatch - mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. * References + CVE-2008-1270 + http://trac.lighttpd.net/trac/ticket/1587 + http://trac.lighttpd.net/trac/changeset/2120 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 14:16:48 +0100
| Superseded in gutsy-security |
lighttpd (1.4.18-1ubuntu1.2) gutsy-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd.net/trac/changeset/2107
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:28:27 +0100
| Superseded in edgy-security |
lighttpd (1.4.13~r1370-1ubuntu1.5) edgy-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd.net/trac/changeset/2107
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 16:14:40 +0100
| Superseded in feisty-security |
lighttpd (1.4.13-9ubuntu4.4) feisty-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd.net/trac/changeset/2107
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:53:26 +0100
| Superseded in dapper-security |
lighttpd (1.4.11-3ubuntu3.7) dapper-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd.net/trac/changeset/2107
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 16:32:13 +0100
| Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu5) hardy; urgency=low
* debian/patches/90-CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
code of CGI scripts instead of a 500 error, which might allow remote attackers
to obtain sensitive information."
Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107
-- Stephan Hermann <email address hidden> Wed, 05 Mar 2008 14:04:43 +0100
| Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu4) hardy; urgency=low
* debian/patches/90_accept_ranges_fix.dpatch:
- Fixes a problem serving PDF files or other files who are in need of no
Accept-Ranges header (http://trac.lighttpd.net/trac/ticket/541)
(Patch: http://trac.lighttpd.net/trac/changeset/2090)
* debian/index.html:
- replaced all occurances of debian with ubuntu (LP: #115565)
-- Stephan Hermann <email address hidden> Mon, 03 Mar 2008 17:38:33 +0100
lighttpd (1.4.18-1ubuntu1.1) gutsy-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/90_maxfds_crash_fix.dpatch:
- added patch from upstream to fix the maxfds issue (LP: #195380)
* References
+ http://trac.lighttpd.net/trac/ticket/1562
-- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:21:40 +0100
lighttpd (1.4.13~r1370-1ubuntu1.4) edgy-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/90_maxfds_crash_fix.dpatch:
- added patch from upstream to fix the maxfds issue (LP: #195380)
* References
+ http://trac.lighttpd.net/trac/ticket/1562
-- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:46:33 +0100
lighttpd (1.4.13-9ubuntu4.3) feisty-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/90_maxfds_crash_fix.dpatch:
- added patch from upstream to fix the maxfds issue (LP: #195380)
* References
+ http://trac.lighttpd.net/trac/ticket/1562
-- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:35:30 +0100
lighttpd (1.4.11-3ubuntu3.6) dapper-security; urgency=low
* SECURITY UPDATE:
+ debian/patches/90_maxfds_crash_fix.dpatch:
- added patch from upstream to fix the maxfds issue (LP: #195380)
* References
+ http://trac.lighttpd.net/trac/ticket/1562
-- Emanuele Gentili <email address hidden> Mon, 25 Feb 2008 16:58:32 +0100
| Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu3) hardy; urgency=low
* debian/patches/90_maxfds_crash_fix.dpatch:
- added patch from upstream to fix the maxfds issue
- See: http://trac.lighttpd.net/trac/ticket/1562
-- Stephan Hermann <email address hidden> Mon, 25 Feb 2008 11:51:57 +0100
| Superseded in hardy-release |
lighttpd (1.4.18-1ubuntu2) hardy; urgency=low * Rebuild against libldap2.4-2 -- Emmet Hikory <email address hidden> Thu, 24 Jan 2008 22:02:20 +0900
lighttpd (1.4.18-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
-- Soren Hansen <email address hidden> Wed, 12 Sep 2007 14:02:31 +0200
lighttpd (1.4.13~r1370-1ubuntu1.3) edgy-security; urgency=low
* SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727
-- Jamie Strandboge <email address hidden> Sat, 10 Sep 2007 16:28:19 -0400
lighttpd (1.4.13-9ubuntu4.2) feisty-security; urgency=low
* SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727
-- Jamie Strandboge <email address hidden> Sat, 10 Sep 2007 14:57:39 -0400
lighttpd (1.4.11-3ubuntu3.5) dapper-security; urgency=low
* SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727
-- Jamie Strandboge <email address hidden> Sat, 08 Sep 2007 17:09:41 -0400
| Superseded in gutsy-release |
lighttpd (1.4.17-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable, remaining changes:
- Update maintainer field in debian/control.
- Build against libgamin-dev rather than libfam-dev (fixes a warning
during startup)
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
-- Soren Hansen <email address hidden> Wed, 05 Sep 2007 09:30:15 +0200
| Superseded in gutsy-release |
lighttpd (1.4.16-2ubuntu2) gutsy; urgency=low
* Build against libgamin-dev rather than libfam-dev (fixes a warning during
startup about mismatched sizes of a data type).
-- Soren Hansen <email address hidden> Thu, 23 Aug 2007 19:51:08 +0200
| Superseded in edgy-security |
lighttpd (1.4.13~r1370-1ubuntu1.2) edgy-security; urgency=low
* SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
(LP:#127718)
* debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
- Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
* debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
- Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
* debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
- Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
* debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
- Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
- Description: http://secunia.com/cve_reference/CVE-2007-3948/
- Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
* debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
- Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
- Description: http://secunia.com/cve_reference/CVE-2007-3950/
- Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
* References:
- Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
- External references: http://secunia.com/advisories/26130/
-- Aron Sisak <email address hidden> Wed, 08 Aug 2007 12:53:07 +0200
| Superseded in feisty-security |
lighttpd (1.4.13-9ubuntu4.1) feisty-security; urgency=low
* SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
(LP:#127718)
* debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
- Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
* debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
- Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
* debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
- Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
* debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
- Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
- Description: http://secunia.com/cve_reference/CVE-2007-3948/
- Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
* debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
- Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
- Description: http://secunia.com/cve_reference/CVE-2007-3950/
- Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
* References:
- Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
- External references: http://secunia.com/advisories/26130/
-- Aron Sisak <email address hidden> Wed, 08 Aug 2007 11:37:59 +0200
| Superseded in dapper-security |
lighttpd (1.4.11-3ubuntu3.4) dapper-security; urgency=low
* SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
(LP:#127718)
* debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
- Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
* debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
- Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
* debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
- Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
- Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
- Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
* debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
- Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
- Description: http://secunia.com/cve_reference/CVE-2007-3948/
- Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
* debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch
- Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
- Description: http://secunia.com/cve_reference/CVE-2007-3950/
- Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
* References:
- Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
- External references: http://secunia.com/advisories/26130/
-- Aron Sisak <email address hidden> Wed, 08 Aug 2007 22:32:43 +0200
| Superseded in gutsy-release |
lighttpd (1.4.16-2ubuntu1) gutsy; urgency=low * Merge from Debian unstable, remaining changes: (LP: #131224) - Make sure that upgrades succeed, even if we can't restart lighttpd. - Clean environment in init.d script. - Update maintainer field in debian/control. -- Michele Angrisano <email address hidden> Wed, 08 Aug 2007 13:24:21 +0200
| Superseded in dapper-updates |
lighttpd (1.4.11-3ubuntu3.3) dapper-updates; urgency=low * Push SRU to dapper-updates -- Scott Kitterman <email address hidden> Sat, 04 Aug 2007 16:14:27 -0400
| Superseded in gutsy-release |
lighttpd (1.4.16-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable, remaining changes:
- Add fam/gamin stat cache engine support.
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control.
| Superseded in gutsy-release |
lighttpd (1.4.15-1.1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable, remaining changes:
- Add fam/gamin stat cache engine support.
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl.
- Make sure that upgrades succeed, even if we can't restart lighttpd.
- Clean environment in init.d script.
- Update maintainer field in debian/control.
| Deleted in dapper-proposed (Reason: moved to -updates) |
lighttpd (1.4.11-3ubuntu3.2) dapper-proposed; urgency=low * Added relevant security fix from 1.4.14 (Closes LP: #107628) - DOS with files with mtime 0 (CVE-2007-1870) security_zero_mtime_crash -- Scott Kitterman <email address hidden> Tue, 24 Apr 2007 12:04:01 -0400
| Superseded in gutsy-release |
lighttpd (1.4.15-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Add fam/gamin stat cache engine support
- Clean environment in init.d script
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl
- Make sure that upgrades succeed, even if we can't restart lighttpd
- DebianMaintainerField update
| Superseded in edgy-security |
lighttpd (1.4.13~r1370-1ubuntu1.1) edgy-security; urgency=low * Added security fixes from 1.4.14 (Closes LP: #107628) - Remote DOS in CRLF parsing (CVE-2007-1869) debian/patches/04_security_crlf_parsing_dos.dpatch - DOS with files with mtime 0 (CVE-2007-1870) debian/patches/05_security_zero_mtime_crash.dpatch * Change maintainer to MOTU -- Scott Kitterman <email address hidden> Mon, 23 Apr 2007 17:03:01 -0400
| Superseded in dapper-security |
lighttpd (1.4.11-3ubuntu3.0.1) dapper-security; urgency=low * Added relevant security fix from 1.4.14 (Closes LP: #107628) - DOS with files with mtime 0 (CVE-2007-1870) security_zero_mtime_crash * Change maintainer to MOTU -- Scott Kitterman <email address hidden> Tue, 24 Apr 2007 10:30:01 -0400
lighttpd (1.4.13-9ubuntu4) feisty; urgency=low
* Added LDAP connection leak fix from Debian (Bug: #413917)
- debian/patches/03_ldap_leak_bugfix.dpatch
* Added security fixes from 1.4.14 (Closes LP: #106416)
- Remote DOS in CRLF parsing (CVE-2007-1869)
debian/patches/04_security_crlf_parsing_dos.dpatch
- DOS with files with mtime 0 (CVE-2007-1870)
debian/patches/05_security_zero_mtime_crash.dpatch
-- Lukas Fittl <email address hidden> Sat, 14 Apr 2007 05:26:10 +0200
| Superseded in feisty-release |
lighttpd (1.4.13-9ubuntu3) feisty; urgency=low
* Make sure that upgrades succeed, even if we can't restart lighttpd
(LP: #86882)
-- Soren Hansen <email address hidden> Thu, 29 Mar 2007 01:10:06 +0200
| Superseded in feisty-release |
lighttpd (1.4.13-9ubuntu2) feisty; urgency=low * Add fam/gamin stat cache engine support (Closes: LP#80818) -- Soren Hansen <email address hidden> Mon, 19 Feb 2007 13:09:19 +0100
| Superseded in feisty-release |
lighttpd (1.4.13-9ubuntu1) feisty; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Clean environment in init.d script
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl
| Superseded in feisty-release |
lighttpd (1.4.13-7ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- Clean environment in init.d script
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl
| Superseded in feisty-release |
lighttpd (1.4.13-6ubuntu3) feisty; urgency=low * Fix typo in init-script -- Soren Hansen <email address hidden> Wed, 13 Dec 2006 11:52:54 +0100
| Superseded in feisty-release |
lighttpd (1.4.13-6ubuntu2) feisty; urgency=low * Clean the environment before starting. Fixes: LP#53840 -- Soren Hansen <email address hidden> Sun, 10 Dec 2006 16:18:55 +0100
| Superseded in feisty-release |
lighttpd (1.4.13-6ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- Replace Depends: on perl with Depends: on libterm-readline-perl-perl
| Superseded in dapper-proposed |
lighttpd (1.4.11-3ubuntu3.1) dapper-proposed; urgency=low
* debian/init.d: Update to current Debian script
(Closes: Malone #59269, Malone #68401)
-- Lukas Fittl <email address hidden> Sat, 4 Nov 2006 15:57:26 +0100
lighttpd (1.4.13~r1370-1ubuntu1) edgy; urgency=low
* Merge from Debian unstable (Closes: Malone #64900). Remaining changes:
- Add an additional dependency on libterm-readline-perl-perl
(Malone #43895)
| Superseded in edgy-release |
lighttpd (1.4.12~20060907-1ubuntu1) edgy; urgency=low
* Merge from debian unstable:
-> Keep the additional dependency on libterm-readline-perl-perl.
| Superseded in edgy-release |
lighttpd (1.4.11-7ubuntu1) edgy; urgency=low
* Merge from debian unstable:
-> Restore B-D on libmemcache-dev.
-> Keep the additional dependency on libterm-readline-perl-perl.
* debian/patches:
-> Add 02_mod_ssl_post_fix.dpatch: fix a stall with POST requests between
8317 and 16381 bytes long when mod_ssl is enabled.
lighttpd (1.4.11-3ubuntu3) dapper; urgency=low
* debian/control
+ Added depends on libterm-readline-perl-perl. (Closes: Malone #43895)
-- Chuck Short <email address hidden> Wed, 10 May 2006 18:11:24 -0400
| Superseded in dapper-release |
lighttpd (1.4.11-3ubuntu2) dapper; urgency=low * Rebuild against the new libmysqlclient15off with correct symbols. -- Adam Conrad <email address hidden> Thu, 6 Apr 2006 15:10:02 +1000
| Superseded in dapper-release |
lighttpd (1.4.11-3ubuntu1) dapper; urgency=low
* Sync with Debian:
+ Removed B-D on libmemcache-dev as we don't have it in dapper, needs to be
re-enabled for dapper+1
| Superseded in dapper-release |
lighttpd (1.4.11-1ubuntu1) dapper; urgency=low
* Sync with Debian
* UVF exception:
https://launchpad.net/distros/ubuntu/+source/lighttpd/+bug/35353
* Removed B-D on libmemcache-dev as we don't have it in dapper, needs to be
re-enabled for dapper+1
lighttpd (1.4.9-1) unstable; urgency=low * New upstream release * Closing bug from not uploaded release 1.4.8-5, (closes: #347737) -- Krzysztof Krzyzaniak (eloy) <email address hidden> Mon, 16 Jan 2006 20:06:39 +0100
lighttpd (1.4.8-4) unstable; urgency=low * fixed permissions and directories (closes: #347565) -- Krzysztof Krzyzaniak (eloy) <email address hidden> Wed, 11 Jan 2006 17:15:12 +0100
lighttpd (1.4.8-3) unstable; urgency=low
* New configuration layout (closes: #345554) (closes: #344959),
read /etc/lighttpd/conf-available/README
- conf-available directory for all templates
- conf-enabled directory for enabled modules
-- Krzysztof Krzyzaniak (eloy) <email address hidden> Mon, 9 Jan 2006 13:49:34 +0100
lighttpd (1.4.8-2) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/control: lsb-base dependency narrowed to (>= 3.0-3) * create-mime.assign.pl set as executable (closes: #344938) -- Krzysztof Krzyzaniak (eloy) <email address hidden> Wed, 28 Dec 2005 12:40:55 +0100
lighttpd (1.4.8-1) unstable; urgency=low * New upstream version (closes: #304271) * Does not rely on $SHELL to execute external commands -- Torsten Marek <email address hidden> Sat, 26 Nov 2005 11:48:51 +0100
| 76 → 146 of 146 results | First • Previous • Next • Last |
