-
lighttpd (1.4.63-1ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds Write
- debian/patches/CVE-2022-22707.patch: mod_extforward_Forwarded function
of the mod_extforward plugin has a stack-based buffer overflow.
(LP: #1994989)
- CVE-2022-22707
* SECURITY UPDATE: Resource leak
- debian/patches/CVE-2022-41556.patch: Resource leak in gw_backend.c.
- CVE-2022-41556
-- Jack Fewx <email address hidden> Mon, 13 Feb 2023 21:33:26 -0600
-
lighttpd (1.4.63-1ubuntu3) jammy; urgency=medium
* No-change rebuild against libwolfssl32
-- Steve Langasek <email address hidden> Mon, 07 Mar 2022 18:38:16 +0000
-
lighttpd (1.4.63-1ubuntu2) jammy; urgency=medium
* No-change rebuild against libmbedcrypto7
-- Steve Langasek <email address hidden> Fri, 18 Feb 2022 23:45:01 +0000
-
lighttpd (1.4.63-1ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/index.html:
+ Corrected BTS Ubuntu link and branding on the default page.
- debian/lighttpd.dirs, debian/control, debian/rules,
debian/lighttpd.ufw.profile:
+ Add the UFW profile.
+ Make the application build sanely:
- Remove duplicate override on dh_install
- Remove duplicate outdated NEWS file
- Install updated upstream NEWS file and fix
cp: cannot stat /debian/tmp/changelog thingy to
fix FTBFS when built twice in a row.
* Drop lighttpd-dev which is completely unused in Ubuntu.
* Revert change that comments out use-ipv6.pl. All servers should
bind to IPv6 by default, this change was introduced in Ubuntu in
2010 and has not been revisited since; and upstream said on the
original bug (LP #551211) that the Ubuntu delta could be reverted in
2013.
* Drop dh_installinit override, introduced in 2008 in Ubuntu and not
relevant since Ubuntu adopted systemd.
* Drop references to obsolete libgamin.
lighttpd (1.4.63-1) unstable; urgency=medium
* New upstream version 1.4.63
* Drop all patches, applied upstream
* Fix load-all-modules autopkgtest: order mod_auth before mod_ajp13
* Switch to pcre2 (Closes: 1000312)
* Skip fewer tests in integration-tests autopkgtest
lighttpd (1.4.61-1) unstable; urgency=medium
[ Helmut Grohne ]
* New upstream version 1.4.61
* Suppress deprecations in load-all-modules autopkgtest
[ Glenn Strauss ]
* [patch] update patches post lighttpd 1.4.61
lighttpd (1.4.60-1) unstable; urgency=medium
[ Helmut Grohne ]
* Add missing epoch to php-fpm dependency
* New upstream version 1.4.60
+ Drop all patches
+ Enable libzstd in mod_deflate
+ Update debian/copyright
[ Glenn Strauss ]
* lighty-enable-mod conflicts feature
[ Helmut Grohne ]
* Demote lsb-base dependency
lighttpd (1.4.59-2) unstable; urgency=medium
[ Glenn Strauss ]
* replace mime-support with media-types dependency (Closes: #980269)
[ Helmut Grohne ]
* Drop transitional dummy packages after bullseye
* Declare compliance with policy 4.6.0
* Update d/copyright for moved fastcgi.h
* Delete obsolete Breaks+Replaces (via janitor)
* Delete obsolete lighttpd.maintscript (via janitor)
-- Steve Langasek <email address hidden> Wed, 29 Dec 2021 23:25:59 -0800
-
lighttpd (1.4.59-1ubuntu3) jammy; urgency=medium
* No-change rebuild against libssl3
-- Steve Langasek <email address hidden> Wed, 08 Dec 2021 23:38:09 +0000
-
lighttpd (1.4.59-1ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 17:53:35 -0400