Thanks for you bug reports. The two security fixes have already been
applied in our repository before the release. It is described in the
changelog:
lighttpd (1.4.13-9ubuntu4) feisty; urgency=low
* Added LDAP connection leak fix from Debian (Bug: #413917)
- debian/patches/03_ldap_leak_bugfix.dpatch
* Added security fixes from 1.4.14 (Closes LP: #106416)
- Remote DOS in CRLF parsing (CVE-2007-1869)
debian/patches/04_security_crlf_parsing_dos.dpatch
- DOS with files with mtime 0 (CVE-2007-1870)
debian/patches/05_security_zero_mtime_crash.dpatch
-- Lukas Fittl <[EMAIL PROTECTED]> Sat, 14 Apr 2007 05:26:10 +0200
** Changed in: lighttpd (Ubuntu)
Status: Unconfirmed => Rejected
--
Lighttpd in repository is outdated (security!)
https://bugs.launchpad.net/bugs/119727
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
