-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2007-09-10 16:28:19 UTC
-
Revision ID:
james.westby@ubuntu.com-20070910162819-5vqmt9u7a56ifuii
Tags: 1.4.13~r1370-1ubuntu1.3
* SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727