~ubuntu-branches/ubuntu/edgy/lighttpd/edgy-security

Viewing all changes in revision 20.

  • Committer: Bazaar Package Importer
  • Author(s): Emanuele Gentili
  • Date: 2008-04-07 19:45:59 UTC
  • Revision ID: james.westby@ubuntu.com-20080407194559-a5c90ufbndwp9kc1
Tags: 1.4.13~r1370-1ubuntu1.7
* SECURITY UPDATE: (LP: #209627)
 + debian/patches/91_CVE-2008-1531.dpatch
  - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial 
    of service (active SSL connection loss) by triggering an SSL error, 
    such as disconnecting before a download has finished, which causes 
    all active SSL connections to be lost.
* References
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531
 + http://trac.lighttpd.net/trac/changeset/2136
 + http://trac.lighttpd.net/trac/changeset/2139

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: