New upstream release 1.4.20 fixes security issues

Bug #277907 reported by Rodrigo Campos on 2008-10-04
This bug report is a duplicate of:  Bug #209627: lighttpd (security) ssl fix. Edit Remove
256
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: lighttpd

There's a new upstream release (1.4.20) that fixes security issues as you can see here:

http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win

There you can see the affected versions, but 1.4.19 is always affected :)

Please consider updating to 1.4.20 or backporting the fixes. If you want to backport the fixes,
perhaps you could check how Debian backported them.

Thanks a lot,

Rodrigo

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers