bozohttpd 20111118-1+deb7u1build0.14.04.1 source package in Ubuntu
Changelog
bozohttpd (20111118-1+deb7u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2014-5015: bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. (Closes: #755197) * CVE-2015-8212: Fix a security issue in CGI suffix handler support which would allow remote code execution. -- Steve Beattie <email address hidden> Fri, 24 Jun 2016 14:35:34 -0700
Upload details
- Uploaded by:
- Steve Beattie
- Uploaded to:
- Trusty
- Original maintainer:
- Mattias Nordstrom
- Architectures:
- any
- Section:
- httpd
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Trusty | updates | universe | net | |
Trusty | security | universe | net |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
bozohttpd_20111118.orig.tar.gz | 54.9 KiB | 6cb6ab6fb3b127af452ffd4ddbdd5e9c1676934bd19b8b5edc12c33e0fe4278d |
bozohttpd_20111118-1+deb7u1build0.14.04.1.diff.gz | 5.8 KiB | dcd4860ac41e8c2f36ff2d72886843bbbeae56c1fd38a5977ff76aa0b28c936a |
bozohttpd_20111118-1+deb7u1build0.14.04.1.dsc | 1.7 KiB | 2b569efdf444ec9aaf82026b765be51f3c9cae0f09883c11943b0db21dc8bf64 |
Available diffs
Binary packages built by this source
- bozohttpd: Bozotic HTTP server
A small and secure HTTP server. Its main feature is the
lack of features, reducing code size and improving verifiability. It
has no configuration file by design.
.
It supports CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations,
virtual hosting support, as well as multiple IP-based servers on a
single machine, and is able to serve pages via the IPv6 protocol.