bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the LTS team.
* Fix CVE-2014-5015:
bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
checking .htpasswd restrictions, which allows remote attackers to bypass
the HTTP authentication scheme and access restrictions via a long path.
(Closes: #755197)
* CVE-2015-8212:
Fix a security issue in CGI suffix handler support which would allow remote
code execution.
-- Steve Beattie <email address hidden> Fri, 24 Jun 2016 14:35:34 -0700