Your message dated Fri, 20 Jul 2007 09:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#428368: fixed in lighttpd 1.4.15-1.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: lighttpd
Version: 1.4.13-4etch1
Severity: grave
Debian stable's version of Lighttpd crashes in a similar way as
explained in this lighttpd trac ticket
http://trac.lighttpd.net/trac/ticket/1232
There seems to be other important bugs with fixes coming up in a new
version soon; I found the problem from rPath advisories posted on
full-disclosure
https://issues.rpath.com/browse/RPL-1550
https://issues.rpath.com/browse/RPL-1554
Just a heads-up to put this on the radar (the previous round of lighttpd
issues seemed to go unnoticed for almost a month), sorry to bother
you if you are already aware of the issues. I set the severity to grave
since it's (at least) a DoS vulnerability.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: arm (armv5tel)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-ixp4xx
Locale: LANG=C, LC_CTYPE=no_NO.ISO8859-1 (charmap=ISO-8859-1)
Versions of packages lighttpd depends on:
ii libattr1 2.4.32-1 Extended attribute shared library
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
pn php4-cgi | php5-cgi <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.15-1.1
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:
lighttpd-doc_1.4.15-1.1_all.deb
to pool/main/l/lighttpd/lighttpd-doc_1.4.15-1.1_all.deb
lighttpd-mod-cml_1.4.15-1.1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.15-1.1_amd64.deb
lighttpd-mod-magnet_1.4.15-1.1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.15-1.1_amd64.deb
lighttpd-mod-mysql-vhost_1.4.15-1.1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.15-1.1_amd64.deb
lighttpd-mod-trigger-b4-dl_1.4.15-1.1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.15-1.1_amd64.deb
lighttpd-mod-webdav_1.4.15-1.1_amd64.deb
to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.15-1.1_amd64.deb
lighttpd_1.4.15-1.1.diff.gz
to pool/main/l/lighttpd/lighttpd_1.4.15-1.1.diff.gz
lighttpd_1.4.15-1.1.dsc
to pool/main/l/lighttpd/lighttpd_1.4.15-1.1.dsc
lighttpd_1.4.15-1.1_amd64.deb
to pool/main/l/lighttpd/lighttpd_1.4.15-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated lighttpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 20 Jul 2007 11:04:07 +0200
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc
lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source amd64 all
Version: 1.4.15-1.1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <[EMAIL PROTECTED]>
Changed-By: Pierre Habouzit <[EMAIL PROTECTED]>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 428368
Changes:
lighttpd (1.4.15-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping
headers (Closes: 428368).
Files:
c53023c493cab557059d8fe32239e6f4 1136 web optional lighttpd_1.4.15-1.1.dsc
f851363fc121ca0479e6fa4bd9c154e2 20333 web optional lighttpd_1.4.15-1.1.diff.gz
8f626eb91d5e707ac56c421cf878ffdb 103176 doc optional
lighttpd-doc_1.4.15-1.1_all.deb
a6163ac043841ef89332d103e218893d 300236 web optional
lighttpd_1.4.15-1.1_amd64.deb
474dfdbba663a5f2382fe8b205ec08a6 60460 web optional
lighttpd-mod-mysql-vhost_1.4.15-1.1_amd64.deb
5209ec8730e01d73af9b93615fdfcfb2 62076 web optional
lighttpd-mod-trigger-b4-dl_1.4.15-1.1_amd64.deb
0d24861849d1eaab9a71f216dfe77000 65560 web optional
lighttpd-mod-cml_1.4.15-1.1_amd64.deb
dcadf9c9955bac711521231f5b8131f5 65254 web optional
lighttpd-mod-magnet_1.4.15-1.1_amd64.deb
9aa43dc2b992dc0abb318a02d2cda054 71662 web optional
lighttpd-mod-webdav_1.4.15-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGoHt7vGr7W6HudhwRAiKyAKCoCL7BAEvvap0kORryicXJL5k/sgCdFfcT
i7nMMTtwKD2X4tlUlG2sCHk=
=6hZl
-----END PGP SIGNATURE-----
--- End Message ---
