2 new security fixes in 1.4.14

Bug #106416 reported by Lukas Fittl on 2007-04-14
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Lukas Fittl
Nominated for Dapper by Lukas Fittl
Nominated for Edgy by Lukas Fittl

Bug Description

Binary package hint: lighttpd

The new lighttpd release 1.4.14 (and the hotfix release 1.4.15), contains two security fixes:

Remote DOS in CRLF parsing (http://lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt)
DOS with files with mtime 0 (http://lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt)

Please update the Ubuntu packages!

Related branches

CVE References

Lukas Fittl (lfittl) wrote :
Lukas Fittl (lfittl) wrote :
Lukas Fittl (lfittl) on 2007-04-14
Changed in lighttpd:
assignee: nobody → lfittl
importance: Undecided → Medium
status: Unconfirmed → In Progress
Lukas Fittl (lfittl) wrote :

Fix uploaded for feisty, {dapper,edgy}-security still without security fixes.

Changed in lighttpd:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers