« back to all changes in this revision
Viewing changes to debian/patches/11_security_lighttpd-1.4.x_etags.dpatch
- Committer: Bazaar Package Importer
- Date: 2007-09-10 14:57:39 UTC
- Revision ID: james.westby@ubuntu.com-20070910145739-sb4j09hngy0wcvo1
* SECURITY UPDATE: fix DoS crash from improper EOL handling in mod_cgi.c
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727
(backported from upstream 1.4.17)
* SECURITY UPDATE: fix potential DoS crash in etag.c. This patch also fixes
possible dereferencing a NULL pointer in buffer.c (both backported from
upstream 1.4.17)
* SECURITY UPDATE: fix arbitrary code execution in mod_fastcgi.c due to
improper handling of content length in HTTP headers. Patch from upstream
* References
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138309
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/138310
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
CVE-2007-4727
added
removed
debian/patches/11_security_lighttpd-1.4.x_etags.dpatch
