** Changed in: lighttpd (Ubuntu)
Status: Confirmed => Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b
dapper-proposed update uploaded.
** Tags added: verification-motu-needed
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b
This time with the mention of the maintainer change removed from the
changelog
** Attachment added: "Updated patch for dapper-proposed"
http://librarian.launchpad.net/7556605/fixed-sru-security.debdiff
** Attachment removed: "Dapper-proposed Fix"
http://librarian.launchpad.net/7550426/
** Changed in: lighttpd (Ubuntu)
Status: Fix Released => Confirmed
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b
** Changed in: lighttpd (Ubuntu)
Status: Confirmed => Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-b
I've attached the dapper-proposed debdiff with the maintainer change
removed to be uploaded again.
** Attachment added: "Dapper-proposed Fix"
http://librarian.launchpad.net/7550426/lighttpd-dapper-proposed.debdiff
** Attachment removed: "Dapper-proposed debdiff"
http://librarian.launchpad.
Hi Scott,
Scott Kitterman [2007-05-03 11:52 -]:
> That update:
>
> https://launchpad.net/ubuntu/dapper/+source/lighttpd/1.4.11-3ubuntu3.1
>
> has been sitting in dapper-proposed since last November and lacks the
> fix for this issue. So the existing -proposed package has the
> vulnerability
The problem is that when this was reported, there was an updated for
Dapper sitting in dapper-proposed:
https://launchpad.net/ubuntu/dapper/+source/lighttpd
That update:
https://launchpad.net/ubuntu/dapper/+source/lighttpd/1.4.11-3ubuntu3.1
has been sitting in dapper-proposed since last Novembe
Martin, Scott's debdiff for a new dapper-proposed source upload contains
the fix in the dapper-security upload. The current dapper-proposed
source does /not/ contain this fix.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you a
Scott, I don't understand -- If the -proposed package has the same
vulnerability fix, then it doesn't matter. If it fixes something
different, then it should not be treated in this bug report.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notificati
Then that leaves us with a higher version numbered package in
dapper-proposed that is unpatched. If that SRU ever gets released we'll
re-introduce the vulnerability.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a mem
Just for the record, I rejected the dapper-proposed upload because the
fix is already in -security.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-
Package released to dapper-security. Thank you!
** Changed in: lighttpd (Ubuntu Dapper)
Status: Fix Committed => Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bu
Updated packages released to -security. Thank you!
** Changed in: lighttpd (Ubuntu Edgy)
Status: Fix Committed => Fix Released
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the b
+1 for new dapper-proposed.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/
Show state in Feisty (fixed already), Edgy, and Dapper. Also linking to
CVE.
** Changed in: lighttpd (Ubuntu Feisty)
Status: Unconfirmed => Rejected
** Changed in: lighttpd (Ubuntu Edgy)
Assignee: (unassigned) => Kees Cook
Status: Unconfirmed => Fix Committed
** Changed in: l
Also subscribing MOTU SRU because the fix impacts dapper-proposed.
** Changed in: lighttpd (Ubuntu)
Assignee: Scott Kitterman => (unassigned)
Status: In Progress => Confirmed
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification be
Dapper-proposed fix with dpatch attached.
** Attachment added: "Fix for dapper-proposed"
http://librarian.launchpad.net/7399547/lighttpd-dapper-proposed.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member
Dapper fix with dpatch. Version number is due to the .1 already in
dapper proposed.
** Attachment added: "Dapper-security fix with dpatch"
http://librarian.launchpad.net/7399483/lighttpd-dapper-security.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You recei
Updated patch for Edgy using the patch system. Pbuilt and verified in
the pbuilder log that the patches were applied. I can probide i386
binaries for testing if requested.
** Changed in: lighttpd (Ubuntu)
Assignee: Fridtjof Busse => Scott Kitterman
** Attachment added: "Edgy fix with dpatc
Works and builds fine on dapper i386 (patch applied by hand).
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ub
On Thu, Apr 19, 2007 at 06:48:33PM -, Scott Kitterman wrote:
> Debdiff for Edgy for testing.
Hi Scott,
Thanks very much for getting the patches extracted. The lighttpd
package, however, uses the "dpatch" patch system. Instead of applying
the fixes inline, please use "dpatch-edit-patch".
Here are the source changes for all the supported releases. If you need
me to build binaries for you (I can do -i386), let me know. Otherwise,
please test these and then let us know how it goes.
** Changed in: lighttpd (Ubuntu)
Assignee: Scott Kitterman => Fridtjof Busse
--
DoS-vulnerabil
Dapper-proposed debdiff for testing. Note that only one of the two isses
was relevant to this version.
** Attachment added: "Dapper-proposed debdiff"
http://librarian.launchpad.net/7352496/dapper-proposed-lighthttpd.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/1076
Dapper debdiff for testing. Note that only one of the two isses was
relevant to this version.
** Attachment added: "Dapper fix debdiff"
http://librarian.launchpad.net/7352259/dapper-httpd.patch
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug noti
Debdiff for Edgy for testing.
** Attachment added: "Edgy fix debdiff"
http://librarian.launchpad.net/7351791/lighttpd-edgy.debdiff
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the b
This is going to take a while because the Ubuntu repositories are
totally hammered by the Feisty release.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
u
OK. I can make i386 binaries or give you a source patch.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu
Running feisty as of couple of minutes ago. The changelog on
packages.ubuntu.com was outdated, thus I missed the fixed package. But I
can test on edgy/dapper nonetheless, I have plenty of virtual machines
around.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received
For the initial reporter, what version of Ubuntu are you running? I'll
prepare a package for that one first so you can test it.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug con
The relevant patches are already in the Feisty version, so no issue
there.
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-
I'll take a stab at it.
** Changed in: lighttpd (Ubuntu)
Assignee: (unassigned) => Scott Kitterman
Status: Confirmed => In Progress
--
DoS-vulnerability in lighttpd
https://bugs.launchpad.net/bugs/107628
You received this bug notification because you are a member of Ubuntu
Bugs, whic
Thanks for taking the time to report this bug and helping to make Ubuntu
better. If someone can prepare (and test) the fixes and attach debdiffs
that follow the [https://wiki.ubuntu.com/SecurityUpdateProcedures], I'd
be more than happy to get them uploaded.
** Visibility changed to: Public
** Ch
33 matches
Mail list logo