Ubuntu
bozohttpd package

Change logs for bozohttpd source package in Trusty

Trusty (14.04)
Change log

bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2014-5015:
    bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
    checking .htpasswd restrictions, which allows remote attackers to bypass
    the HTTP authentication scheme and access restrictions via a long path.
    (Closes: #755197)
  * CVE-2015-8212:
    Fix a security issue in CGI suffix handler support which would allow remote
    code execution.

 -- Steve Beattie <email address hidden>  Fri, 24 Jun 2016 14:35:34 -0700

bozohttpd (20111118-1) unstable; urgency=low


  * New upstream release (closes: #664042)
  * Updated to Debian Policy v3.9.3.1. No changes needed.

 -- Mattias Nordstrom <email address hidden>  Tue, 27 Mar 2012 13:26:57 +0300

Ubuntubozohttpd package

Change logs for bozohttpd source package in Trusty

Ubuntu
bozohttpd package