Dapper Drake 6.06 reached End Of Life. Feel free to reopen, if you are
affected by this bug.
** Changed in: lighttpd (Ubuntu Dapper)
Status: Confirmed = Invalid
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a
Not for servers it isn't.
** Changed in: lighttpd (Ubuntu Dapper)
Status: Invalid = Confirmed
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
*** This bug is a duplicate of bug 209627 ***
https://bugs.launchpad.net/bugs/209627
** This bug has been marked a duplicate of bug 209627
lighttpd (security) ssl fix
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: lighttpd (Ubuntu Intrepid)
Status: Confirmed = Invalid
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received
** Branch linked: lp:ubuntu/hardy-security/lighttpd
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.
** Changed in: lighttpd (Ubuntu Gutsy)
Status: Confirmed = Won't Fix
--
new lighttpd security fixes
Marcin,
Thanks for your debdiff! I have uploaded the package to the security ppa, with
two changes:
1. the version did not comply with
https://wiki.ubuntu.com/SecurityUpdateProcedures, so I changed it
2. I removed the unapplied patch for CVE-2008-4359 to avoid confusion in the
future.
**
This bug was fixed in the package lighttpd - 1.4.19-0ubuntu3.1
---
lighttpd (1.4.19-0ubuntu3.1) hardy-security; urgency=low
* SECURITY UPDATE: (LP: #279490)
+ debian/patches/93_CVE-2008-4298.dpatch
- Fix memory leak in request header handling
+
Hi,
I'm attaching new version of debdiff. Two changes there:
- Added brief notes about whats being fixed (if it's too short I can write
something longer)
- Removed fix for CVE-2008-4359 from the patch list (patch is still there, it's
just not applied) - it's known to cause regressions and it
Marking Hardy task as 'In Progress' according to
https://wiki.ubuntu.com/SecurityUpdateProcedures. Please when submitting
debdiffs, mark the corresponding task as 'In Progress'. This will help
the security team track patches.
** Changed in: lighttpd (Ubuntu Hardy)
Status: Incomplete = In
@Marcin: the patch looks pretty good. normally we explicitly describe
the changes being made after the 'SECURITY UPDATE:' part of the
changelog. Have you tested this package on hardy (does it continue to
server pages correctly, for example)?
** Changed in: lighttpd (Ubuntu Hardy)
Status:
1.4.19-5 is not affected.
** Changed in: lighttpd (Ubuntu Dapper)
Status: New = Confirmed
** Changed in: lighttpd (Ubuntu Gutsy)
Status: New = Confirmed
** Changed in: lighttpd (Ubuntu Hardy)
Status: New = Confirmed
** Changed in: lighttpd (Ubuntu Intrepid)
Status:
Marking Hardy task as 'In Progress' according to
https://wiki.ubuntu.com/SecurityUpdateProcedures.
** Changed in: lighttpd (Ubuntu Hardy)
Status: Confirmed = In Progress
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you
I'm attaching debdiff for patched lighttpd package.
P.S. It's my first patch for .deb package so please tell me if there's
anything wrong with it.
** Attachment added: Security fixes for hardy's lighttpd package.
http://launchpadlibrarian.net/23420518/lighttpd-1.4.19.debdiff
--
new lighttpd
These bugs are already fixed in Debian packages. Is there any ETA on
that? Hardy's package still seems to be affected.
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I'm unsetting this from being a duplicate of #209627
The other issue #209627 has been fixed on 2008-04-18, but the new issues are
from September 30th, 2008 and still unfixed!
** This bug is no longer a duplicate of bug 209627
lighttpd (security) ssl fix
--
new lighttpd security fixes
The new issues are the following CVEs:
- CVE-2008-4298
- CVE-2008-4359
- CVE-2008-4360
** Changed in: lighttpd (Ubuntu)
Status: New = Confirmed
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4298
** CVE added: http://www.cve.mitre.org/cgi-
*** This bug is a duplicate of bug 209627 ***
https://bugs.launchpad.net/bugs/209627
** This bug has been marked a duplicate of bug 209627
lighttpd (security) ssl fix
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are
Any news on this?
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
CVE-2008-1531 has been fixed again
the other three aren't tracked with CVE
all four security fixes have patches agains 1.4.19 alternatively.
they don't seem to be integrated yet.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1531
--
new lighttpd security fixes
20 matches
Mail list logo
