Change logs for bozohttpd source package in Trusty

  • bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium
      * fake sync from Debian
    bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high
      * Non-maintainer upload by the LTS team.
      * Fix CVE-2014-5015:
        bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
        checking .htpasswd restrictions, which allows remote attackers to bypass
        the HTTP authentication scheme and access restrictions via a long path.
        (Closes: #755197)
      * CVE-2015-8212:
        Fix a security issue in CGI suffix handler support which would allow remote
        code execution.
     -- Steve Beattie <email address hidden>  Fri, 24 Jun 2016 14:35:34 -0700
  • bozohttpd (20111118-1) unstable; urgency=low
      * New upstream release (closes: #664042)
      * Updated to Debian Policy v3.9.3.1. No changes needed.
     -- Mattias Nordstrom <email address hidden>  Tue, 27 Mar 2012 13:26:57 +0300