Your message dated Mon, 16 Apr 2007 17:17:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#419131: fixed in lighttpd 1.4.15-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: lighttpd
Version: 1.4.13-10
Severity: grave
Tags: security
Justification: user security hole
More details can be found at:
http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt
http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt
Add'l release notes:
http://www.lighttpd.net/download
The CRLF security fix prevents a potential DOS attack, and has no known
workaround.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.20.6-i386smp-ipt (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages lighttpd depends on:
ii libattr1 1:2.4.32-1.1 Extended attribute shared library
di libbz2-1.0 1.0.3-6 high-quality block-sorting file co
di libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.4 OpenLDAP libraries
di libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
di libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
di perl 5.8.8-7 Larry Wall's Practical Extraction
di zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
pn php4-cgi | php5-cgi <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.15-1
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:
lighttpd-doc_1.4.15-1_all.deb
to pool/main/l/lighttpd/lighttpd-doc_1.4.15-1_all.deb
lighttpd-mod-cml_1.4.15-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.15-1_i386.deb
lighttpd-mod-magnet_1.4.15-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.15-1_i386.deb
lighttpd-mod-mysql-vhost_1.4.15-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.15-1_i386.deb
lighttpd-mod-trigger-b4-dl_1.4.15-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.15-1_i386.deb
lighttpd-mod-webdav_1.4.15-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.15-1_i386.deb
lighttpd_1.4.15-1.diff.gz
to pool/main/l/lighttpd/lighttpd_1.4.15-1.diff.gz
lighttpd_1.4.15-1.dsc
to pool/main/l/lighttpd/lighttpd_1.4.15-1.dsc
lighttpd_1.4.15-1_i386.deb
to pool/main/l/lighttpd/lighttpd_1.4.15-1_i386.deb
lighttpd_1.4.15.orig.tar.gz
to pool/main/l/lighttpd/lighttpd_1.4.15.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Krzysztof Krzyzaniak (eloy) <[EMAIL PROTECTED]> (supplier of updated lighttpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 06 Apr 2007 11:24:54 +0200
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc
lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source i386 all
Version: 1.4.15-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <[EMAIL PROTECTED]>
Changed-By: Krzysztof Krzyzaniak (eloy) <[EMAIL PROTECTED]>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 419131
Changes:
lighttpd (1.4.15-1) unstable; urgency=low
.
* New upstream release (closes: #419131)
* 01_mod_fastcgi_missing_cleanup.dpatch is now in upstream so it's removed
from
patches
* 04_pidfile_bugfix.dpatch is now in upstream so it's removed from patches
Files:
a422a30d554e4c84db990a7978f6b167 1132 web optional lighttpd_1.4.15-1.dsc
a84509fdc6f9d3d6ead059bdba7264db 809229 web optional
lighttpd_1.4.15.orig.tar.gz
6fc5efbf6c7e32ac501c26e4e435ff8f 18945 web optional lighttpd_1.4.15-1.diff.gz
1d295b962be1dde29a6e669d6e71cbda 102082 doc optional
lighttpd-doc_1.4.15-1_all.deb
5fdc1004d842ff09fd318dfeaa80bd06 289562 web optional lighttpd_1.4.15-1_i386.deb
21f05d8c5c0c907312ded2be9a5cae66 60212 web optional
lighttpd-mod-mysql-vhost_1.4.15-1_i386.deb
6996e99977e2a32b65f2d01fe25b216e 61924 web optional
lighttpd-mod-trigger-b4-dl_1.4.15-1_i386.deb
712848839c0a6bb44a5cf0ce5fa4b2e4 64844 web optional
lighttpd-mod-cml_1.4.15-1_i386.deb
9ed5fe75967175ed79db0081be7a1f47 64630 web optional
lighttpd-mod-magnet_1.4.15-1_i386.deb
21377d30bef3131585e29c1858b24437 71966 web optional
lighttpd-mod-webdav_1.4.15-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGI6txy+HP4f7iC8sRAja5AJ9t2L9g3mTHQtxNCsi9ntTV5Q+veQCbBDY4
pfIQDdLQnbQPdBmbQDIPBGc=
=oRRG
-----END PGP SIGNATURE-----
--- End Message ---
