** Changed in: lighttpd (Ubuntu)
Status: Confirmed = Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
dapper-proposed update uploaded.
** Tags added: verification-motu-needed
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Hi Scott,
Scott Kitterman [2007-05-03 11:52 -]:
That update:
https://launchpad.net/ubuntu/dapper/+source/lighttpd/1.4.11-3ubuntu3.1
has been sitting in dapper-proposed since last November and lacks the
fix for this issue. So the existing -proposed package has the
vulnerability. The
I've attached the dapper-proposed debdiff with the maintainer change
removed to be uploaded again.
** Attachment added: Dapper-proposed Fix
http://librarian.launchpad.net/7550426/lighttpd-dapper-proposed.debdiff
** Attachment removed: Dapper-proposed debdiff
** Changed in: lighttpd (Ubuntu)
Status: Confirmed = Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: lighttpd (Ubuntu)
Status: Fix Released = Confirmed
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
This time with the mention of the maintainer change removed from the
changelog
** Attachment added: Updated patch for dapper-proposed
http://librarian.launchpad.net/7556605/fixed-sru-security.debdiff
** Attachment removed: Dapper-proposed Fix
Scott, I don't understand -- If the -proposed package has the same
vulnerability fix, then it doesn't matter. If it fixes something
different, then it should not be treated in this bug report.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug
Martin, Scott's debdiff for a new dapper-proposed source upload contains
the fix in the dapper-security upload. The current dapper-proposed
source does /not/ contain this fix.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you
The problem is that when this was reported, there was an updated for
Dapper sitting in dapper-proposed:
https://launchpad.net/ubuntu/dapper/+source/lighttpd
That update:
https://launchpad.net/ubuntu/dapper/+source/lighttpd/1.4.11-3ubuntu3.1
has been sitting in dapper-proposed since last
Just for the record, I rejected the dapper-proposed upload because the
fix is already in -security.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
Then that leaves us with a higher version numbered package in
dapper-proposed that is unpatched. If that SRU ever gets released we'll
re-introduce the vulnerability.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a
Package released to dapper-security. Thank you!
** Changed in: lighttpd (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the
Updated packages released to -security. Thank you!
** Changed in: lighttpd (Ubuntu Edgy)
Status: Fix Committed = Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the
Updated patch for Edgy using the patch system. Pbuilt and verified in
the pbuilder log that the patches were applied. I can probide i386
binaries for testing if requested.
** Changed in: lighttpd (Ubuntu)
Assignee: Fridtjof Busse = Scott Kitterman
** Attachment added: Edgy fix with dpatch
Dapper fix with dpatch. Version number is due to the .1 already in
dapper proposed.
** Attachment added: Dapper-security fix with dpatch
http://librarian.launchpad.net/7399483/lighttpd-dapper-security.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You
Dapper-proposed fix with dpatch attached.
** Attachment added: Fix for dapper-proposed
http://librarian.launchpad.net/7399547/lighttpd-dapper-proposed.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member
Also subscribing MOTU SRU because the fix impacts dapper-proposed.
** Changed in: lighttpd (Ubuntu)
Assignee: Scott Kitterman = (unassigned)
Status: In Progress = Confirmed
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification
Show state in Feisty (fixed already), Edgy, and Dapper. Also linking to
CVE.
** Changed in: lighttpd (Ubuntu Feisty)
Status: Unconfirmed = Rejected
** Changed in: lighttpd (Ubuntu Edgy)
Assignee: (unassigned) = Kees Cook
Status: Unconfirmed = Fix Committed
** Changed in:
+1 for new dapper-proposed.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Works and builds fine on dapper i386 (patch applied by hand).
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
Thanks for taking the time to report this bug and helping to make Ubuntu
better. If someone can prepare (and test) the fixes and attach debdiffs
that follow the [https://wiki.ubuntu.com/SecurityUpdateProcedures], I'd
be more than happy to get them uploaded.
** Visibility changed to: Public
**
I'll take a stab at it.
** Changed in: lighttpd (Ubuntu)
Assignee: (unassigned) = Scott Kitterman
Status: Confirmed = In Progress
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which
The relevant patches are already in the Feisty version, so no issue
there.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
For the initial reporter, what version of Ubuntu are you running? I'll
prepare a package for that one first so you can test it.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug
Running feisty as of couple of minutes ago. The changelog on
packages.ubuntu.com was outdated, thus I missed the fixed package. But I
can test on edgy/dapper nonetheless, I have plenty of virtual machines
around.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You
OK. I can make i386 binaries or give you a source patch.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
This is going to take a while because the Ubuntu repositories are
totally hammered by the Feisty release.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
Debdiff for Edgy for testing.
** Attachment added: Edgy fix debdiff
http://librarian.launchpad.net/7351791/lighttpd-edgy.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the
Dapper debdiff for testing. Note that only one of the two isses was
relevant to this version.
** Attachment added: Dapper fix debdiff
http://librarian.launchpad.net/7352259/dapper-httpd.patch
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug
Dapper-proposed debdiff for testing. Note that only one of the two isses
was relevant to this version.
** Attachment added: Dapper-proposed debdiff
http://librarian.launchpad.net/7352496/dapper-proposed-lighthttpd.debdiff
--
DoS-vulnerability in lighttpd
Here are the source changes for all the supported releases. If you need
me to build binaries for you (I can do -i386), let me know. Otherwise,
please test these and then let us know how it goes.
** Changed in: lighttpd (Ubuntu)
Assignee: Scott Kitterman = Fridtjof Busse
--
On Thu, Apr 19, 2007 at 06:48:33PM -, Scott Kitterman wrote:
Debdiff for Edgy for testing.
Hi Scott,
Thanks very much for getting the patches extracted. The lighttpd
package, however, uses the dpatch patch system. Instead of applying
the fixes inline, please use dpatch-edit-patch. For
33 matches
Mail list logo
