Your message dated Tue, 09 Feb 2010 17:36:54 +0000
with message-id <e1neu18-00017n...@ries.debian.org>
and subject line Bug#568735: fixed in lighttpd 1.4.26-1
has caused the Debian Bug report #568735,
regarding lighttpd: Security Announce: slow request DoS/OOM attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
568735: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568735
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lighttpd
Version: 1.4.25-1
Severity: critical
Hi,
http://www.debian.org/security/2010/dsa-1987
doesn't appear to be fixed in unstable yet.
Olaf
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable'), (1, 'unstable'), (1, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages lighttpd depends on:
ii libattr1 1:2.4.43-2 Extended attribute shared library
ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libfam0 2.7.0-13.3+lenny1 Client library to control the FAM
ii libldap-2.4-2 2.4.11-1+lenny1 OpenLDAP libraries
ii libpcre3 7.8-2+b1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8k-7 SSL shared libraries
ii libterm-readline-perl- 1.0302-1 Perl implementation of Readline li
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages lighttpd recommends:
ii spawn-fcgi 1.6.2-3 A fastcgi process spawner
Versions of packages lighttpd suggests:
ii apache2-utils 2.2.9-10+lenny6 utility programs for webservers
ii openssl 0.9.8g-15+lenny6 Secure Socket Layer (SSL) binary a
pn rrdtool <none> (no description available)
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.26-1
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:
lighttpd-doc_1.4.26-1_all.deb
to main/l/lighttpd/lighttpd-doc_1.4.26-1_all.deb
lighttpd-mod-cml_1.4.26-1_i386.deb
to main/l/lighttpd/lighttpd-mod-cml_1.4.26-1_i386.deb
lighttpd-mod-magnet_1.4.26-1_i386.deb
to main/l/lighttpd/lighttpd-mod-magnet_1.4.26-1_i386.deb
lighttpd-mod-mysql-vhost_1.4.26-1_i386.deb
to main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.26-1_i386.deb
lighttpd-mod-trigger-b4-dl_1.4.26-1_i386.deb
to main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.26-1_i386.deb
lighttpd-mod-webdav_1.4.26-1_i386.deb
to main/l/lighttpd/lighttpd-mod-webdav_1.4.26-1_i386.deb
lighttpd_1.4.26-1.diff.gz
to main/l/lighttpd/lighttpd_1.4.26-1.diff.gz
lighttpd_1.4.26-1.dsc
to main/l/lighttpd/lighttpd_1.4.26-1.dsc
lighttpd_1.4.26-1_i386.deb
to main/l/lighttpd/lighttpd_1.4.26-1_i386.deb
lighttpd_1.4.26.orig.tar.gz
to main/l/lighttpd/lighttpd_1.4.26.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 568...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Krzysztof Krzyżaniak (eloy) <e...@debian.org> (supplier of updated lighttpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 09 Feb 2010 18:02:13 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost
lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet
lighttpd-mod-webdav
Architecture: source i386 all
Version: 1.4.26-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers
<pkg-lighttpd-maintain...@lists.alioth.debian.org>
Changed-By: Krzysztof Krzyżaniak (eloy) <e...@debian.org>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 539955 568735
Changes:
lighttpd (1.4.26-1) unstable; urgency=low
.
* New upstream release (closes: #568735)
* Use provided patch from Andres Rodriguez <andres...@ubuntu.com>
to implement status action in init.d script (closes: #539955)
Checksums-Sha1:
703f7855f58c3fb92a37530c0da8546f94af8cca 1652 lighttpd_1.4.26-1.dsc
c22642dc3616043293fb895b9f049b9270dbb2a0 780352 lighttpd_1.4.26.orig.tar.gz
4a3eec141cdfdce318fd98dc96a26256cdfa5b97 24066 lighttpd_1.4.26-1.diff.gz
51378573f27fe1811eccc7b91845ae4a73c3f401 277186 lighttpd_1.4.26-1_i386.deb
ab27c953718e4211812c9acb5574ac7acfde9732 16148
lighttpd-mod-mysql-vhost_1.4.26-1_i386.deb
fa011e98083aa4115c7e85291d331264db2490db 17882
lighttpd-mod-trigger-b4-dl_1.4.26-1_i386.deb
d75c8f1dc89006633453ea44ef8062863b5d4235 20702
lighttpd-mod-cml_1.4.26-1_i386.deb
af03a7852b29c5382231600b9ca95f66cf69323d 21840
lighttpd-mod-magnet_1.4.26-1_i386.deb
c1c2b168b67993dafd971b0a00de25e8996e0eef 28452
lighttpd-mod-webdav_1.4.26-1_i386.deb
0cae259ba47c2f00a842cf1ec54972483564bd2c 60726 lighttpd-doc_1.4.26-1_all.deb
Checksums-Sha256:
45491783f18da8a7952fca78bdb360b6bbee3abcaa5e55649615a0b93f889b3a 1652
lighttpd_1.4.26-1.dsc
08fc11864a0ad6d2871f32e6d0b0eaeb070f78698a72959f812526173145986e 780352
lighttpd_1.4.26.orig.tar.gz
ffbe0fc9e32683a8c7404547e91c9d08c36b93d3ac37b78979ab54a8daff2243 24066
lighttpd_1.4.26-1.diff.gz
bab46be8a7fc8b96b1cc4d543d3b3e1d19e06475f3a8b8c7319fca69be4739af 277186
lighttpd_1.4.26-1_i386.deb
377b17d7d0b1dd5748ffdc7a24964fd9403375ce0b17eaf1a2e79019e9bb8beb 16148
lighttpd-mod-mysql-vhost_1.4.26-1_i386.deb
01ed6336fe2968bfb335638e353706f5dd67adff8b01df8d6c38004006148bdb 17882
lighttpd-mod-trigger-b4-dl_1.4.26-1_i386.deb
c7f692198eb083eae8725f7d7e1ec3e07a069a4608cdd13e736026739059a37a 20702
lighttpd-mod-cml_1.4.26-1_i386.deb
966f22e0d70bc5b38983c8938700e0dabfc2cf1c9483f7ca7a8f931f8e7e42aa 21840
lighttpd-mod-magnet_1.4.26-1_i386.deb
4c3b460798553beaa6c4a519ff68ee930e1372324ed0f7d5131538b0e8f9a320 28452
lighttpd-mod-webdav_1.4.26-1_i386.deb
e0e9bc5bdf2558ca1350e364fdb5dd3f80ca76ea9723457afe74705ce54a76c7 60726
lighttpd-doc_1.4.26-1_all.deb
Files:
304bd5ec9ca0adaeac3198ad456ac4bd 1652 web optional lighttpd_1.4.26-1.dsc
3ce5be17a4dac3c384a8a452c664b840 780352 web optional
lighttpd_1.4.26.orig.tar.gz
88ede7d9d6538033d532e567182a9895 24066 web optional lighttpd_1.4.26-1.diff.gz
e131ca033878294597aec1c07be231a6 277186 web optional lighttpd_1.4.26-1_i386.deb
7f006ffa2ecde9c6972df2364c65cd49 16148 web optional
lighttpd-mod-mysql-vhost_1.4.26-1_i386.deb
6f89d1bc8fd0b342f8e355bedf80435a 17882 web optional
lighttpd-mod-trigger-b4-dl_1.4.26-1_i386.deb
e512f59efe7156004ae0bf7020ad69ef 20702 web optional
lighttpd-mod-cml_1.4.26-1_i386.deb
d862af944c6bf666857e54cb16b35c9b 21840 web optional
lighttpd-mod-magnet_1.4.26-1_i386.deb
de154a5adc94b647396ada50eac842d7 28452 web optional
lighttpd-mod-webdav_1.4.26-1_i386.deb
cbc3f873f6710bd0d523525159b584d1 60726 doc optional
lighttpd-doc_1.4.26-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktxmz0ACgkQy+HP4f7iC8tSnwCePKqAIiexCUlViNwtqXtrb/Qo
QpcAn2Tc/V/yyL+VsSdI3l0kECfw89ww
=gWVu
-----END PGP SIGNATURE-----
--- End Message ---