[needs-packaging] lighttpd critical fixes released

Bug #523682 reported by DarkSide on 2010-02-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Wishlist
Andres Rodriguez

Bug Description

Binary package hint: lighttpd

There have been some important bug fixes (request parser handling for splitted header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection and an OOM/DoS vulnerability) - February 7th, 2010.

Please update the package to newer version.

root@gateway:~# lsb_release -rd
Description: Ubuntu 9.10
Release: 9.10

Related branches

Brian Murray (brian-murray) wrote :

*** This is an automated message ***

This bug is tagged needs-packaging which identifies it as a request for a new package in Ubuntu. As a part of the managing needs-packaging bug reports specification, https://wiki.ubuntu.com/QATeam/Specs/NeedsPackagingBugs, all needs-packaging bug reports have Wishlist importance. Subsequently, I'm setting this bug's status to Wishlist.

summary: - lighttpd critical fixes released
+ [needs-packaging] lighttpd critical fixes released
Changed in lighttpd (Ubuntu):
importance: Undecided → Wishlist
Changed in lighttpd (Ubuntu):
assignee: nobody → Andres Rodriguez (andreserl)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lighttpd - 1.4.26-1.1ubuntu1

---------------
lighttpd (1.4.26-1.1ubuntu1) lucid; urgency=low

  * Merge from debian unstable (LP: #407722). Remaining changes:
    - debian/control: libgamin-dev rather than libfam-dev to fix startup
      warning.
    - debian/init.d: clean environment; Check syntax during start/reload
      restart/force-reload.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake, libtool
      + debian/lighttpd-dev.install: Added.
  * debian/control: debhelper Build-depends bumped to (>= 7.0.50) for
    overrides in rules file.
  * debian/rules:
    - Add override_dh_installinit to set "defaults 91 09" to not start
      before apache2 but in the same runlevel with the same priority.
  * debian/patches/build-dev-package.patch: Updated
  * Also closes: (LP: #521659, LP: #523682)

lighttpd (1.4.26-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Apply upstream patch to fix openssl (closes: #572031)

lighttpd (1.4.26-1) unstable; urgency=low

  * New upstream release (closes: #568735)
  * Use provided patch from Andres Rodriguez <email address hidden>
    to implement status action in init.d script (closes: #539955)

lighttpd (1.4.25-2) unstable; urgency=low

  * Change behaviour of use-ipv6.pl script (closes: #560837)

lighttpd (1.4.25-1) unstable; urgency=low

  * New upstream release (closes: #558045)
  * debian/watch: updated
  * debian/control: Section field changed to web

lighttpd (1.4.24-1) unstable; urgency=low

  * New upstream release (closes: #530892) (closes: #538135) (closes: #482601)
    (closes: #541428)
  * debian/control:
   + Standards-Version: 3.8.3
  * debian/init.d renamed to debian/lighttpd.init
  * Added $syslog to LSB header in init script (closes: #545576)
    (Jeremy Lal <email address hidden>)
  * debian/init.d: force-reload moved to reload section (closes: #538661)
    (Peter Eisentraut <email address hidden>)

lighttpd (1.4.23-3) unstable; urgency=low

  * debian/rules: make sure that scripts have proper rights
   (closes: #536668), (closes: #536681), (closes: #536688) (closes: #536668)

lighttpd (1.4.23-2) unstable; urgency=low

  * Add lighttpd.docs with README & NEWS file
  * New upstream closes wishlist bugs (closes: #535065) (closes: #515777)

lighttpd (1.4.23-1) unstable; urgency=low

  * New upstream release
  * spawn-fcgi is now separate package, recommends it debian/control
  * Update Standards-Version to 3.8.2 without changes
  * Remove cdbs, patchutils from Build-Depends, debian/rules uses
    debhelper 7 scripts
  * lighttpd.logrotate apply patch (closes: #535523)
    from Ubuntu (Daniel Hahler, https://launchpad.net/bugs/393792)
 -- Andres Rodriguez <email address hidden> Sat, 27 Mar 2010 15:53:32 -0400

Changed in lighttpd (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers