This bug was fixed in the package lighttpd - 1.4.18-1ubuntu1.4
--------------- lighttpd (1.4.18-1ubuntu1.4) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #209627) + debian/patches/91_CVE-2008-1531.dpatch - lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. * References + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1531 + http://trac.lighttpd.net/trac/changeset/2136 + http://trac.lighttpd.net/trac/changeset/2139
-- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 03:39:14 +0200
This bug was fixed in the package lighttpd - 1.4.18-1ubuntu1.4
---------------
lighttpd (1.4.18-1ubuntu1.4) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #209627) patches/ 91_CVE- 2008-1531. dpatch nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 1531 trac.lighttpd. net/trac/ changeset/ 2136 trac.lighttpd. net/trac/ changeset/ 2139
+ debian/
- lighttpd 1.4.19 and earlier allows remote attackers to cause a denial
of service (active SSL connection loss) by triggering an SSL error,
such as disconnecting before a download has finished, which causes
all active SSL connections to be lost.
* References
+ http://
+ http://
+ http://
-- Emanuele Gentili <email address hidden> Sun, 06 Apr 2008 03:39:14 +0200