- Committer: Bazaar Package Importer
- Author(s): Aron Sisak
- Date: 2007-08-08 12:53:07 UTC
- Revision ID: james.westby@ubuntu.com-20070808125307-i8j3pnlsa2qcbkkr
Tags: 1.4.13~r1370-1ubuntu1.2
* SECURITY UPDATE: remote crash on duplicate header keys with line-wrapping,
  various mod_auth bugs, mod_access bug and mod_fastcgi local DOS bug
  (LP:#127718)
* debian/patches/06_security_lighttpd-1.4.x_duplicated_headers_with_folding_crash.dpatch:
  - Fixes header parsing bug (Lighttpd SA 2007:03, CVE 2007-3947)
  - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt
  - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch
* debian/patches/07_security_lighttpd-1.4.x_mod_auth_sec.dpatch:
  - Fixes various mod_auth bugs (Lighttpd SA 2007:04-07, CVE 2007-3946)
  - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt,
    http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt,
    http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt,
    http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt
  - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch
* debian/patches/08_security_lighttpd-1.4.x_mod_access_bypass.dpatch:
  - Fixes mod_access bug (Lighttpd SA 2007:08, CVE 2007-3949)
  - Description: http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt
  - Patch: http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_access_bypass.patch
* debian/patches/09_security_lighttpd-1.4.x_connections.dpatch:
  - Fixes crashes with accessing out of bound fd array index (CVE 2007-3948)
  - Description: http://secunia.com/cve_reference/CVE-2007-3948/
  - Patch: http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
* debian/patches/10_security_lighttpd-1.4.x_mod_scgi_segfault.dpatch:
  - Fixes segmentation fault in mod_scgi, ... (CVE 2007-3950)
  - Description: http://secunia.com/cve_reference/CVE-2007-3950/
  - Patch: http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882
* References:
  - Summary: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
  - External references: http://secunia.com/advisories/26130/