*** This bug is a duplicate of bug 209627 ***
https://bugs.launchpad.net/bugs/209627
** This bug has been marked a duplicate of bug 209627
lighttpd (security) ssl fix
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a
Not for servers it isn't.
** Changed in: lighttpd (Ubuntu Dapper)
Status: Invalid => Confirmed
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Dapper Drake 6.06 reached End Of Life. Feel free to reopen, if you are
affected by this bug.
** Changed in: lighttpd (Ubuntu Dapper)
Status: Confirmed => Invalid
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a memb
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: lighttpd (Ubuntu Intrepid)
Status: Confirmed => Invalid
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received thi
** Branch linked: lp:ubuntu/hardy-security/lighttpd
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://l
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.
** Changed in: lighttpd (Ubuntu Gutsy)
Status: Confirmed => Won't Fix
--
new lighttpd security fixes
https://bugs.launch
This bug was fixed in the package lighttpd - 1.4.19-0ubuntu3.1
---
lighttpd (1.4.19-0ubuntu3.1) hardy-security; urgency=low
* SECURITY UPDATE: (LP: #279490)
+ debian/patches/93_CVE-2008-4298.dpatch
- Fix memory leak in request header handling
+ debian/patches/95_CVE-2008-4
Marcin,
Thanks for your debdiff! I have uploaded the package to the security ppa, with
two changes:
1. the version did not comply with
https://wiki.ubuntu.com/SecurityUpdateProcedures, so I changed it
2. I removed the unapplied patch for CVE-2008-4359 to avoid confusion in the
future.
** Chan
Marking Hardy task as 'In Progress' according to
https://wiki.ubuntu.com/SecurityUpdateProcedures. Please when submitting
debdiffs, mark the corresponding task as 'In Progress'. This will help
the security team track patches.
** Changed in: lighttpd (Ubuntu Hardy)
Status: Incomplete => In P
Hi,
I'm attaching new version of debdiff. Two changes there:
- Added brief notes about whats being fixed (if it's too short I can write
something longer)
- Removed fix for CVE-2008-4359 from the patch list (patch is still there, it's
just not applied) - it's known to cause regressions and it has
@Marcin: the patch looks pretty good. normally we explicitly describe
the changes being made after the 'SECURITY UPDATE:' part of the
changelog. Have you tested this package on hardy (does it continue to
server pages correctly, for example)?
** Changed in: lighttpd (Ubuntu Hardy)
Status:
Marking Hardy task as 'In Progress' according to
https://wiki.ubuntu.com/SecurityUpdateProcedures.
** Changed in: lighttpd (Ubuntu Hardy)
Status: Confirmed => In Progress
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you a
1.4.19-5 is not affected.
** Changed in: lighttpd (Ubuntu Dapper)
Status: New => Confirmed
** Changed in: lighttpd (Ubuntu Gutsy)
Status: New => Confirmed
** Changed in: lighttpd (Ubuntu Hardy)
Status: New => Confirmed
** Changed in: lighttpd (Ubuntu Intrepid)
Status
I'm attaching debdiff for patched lighttpd package.
P.S. It's my first patch for .deb package so please tell me if there's
anything wrong with it.
** Attachment added: "Security fixes for hardy's lighttpd package."
http://launchpadlibrarian.net/23420518/lighttpd-1.4.19.debdiff
--
new lighttp
These bugs are already fixed in Debian packages. Is there any ETA on
that? Hardy's package still seems to be affected.
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The new issues are the following CVEs:
- CVE-2008-4298
- CVE-2008-4359
- CVE-2008-4360
** Changed in: lighttpd (Ubuntu)
Status: New => Confirmed
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4298
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008
I'm unsetting this from being a duplicate of #209627
The other issue #209627 has been fixed on 2008-04-18, but the new issues are
from September 30th, 2008 and still unfixed!
** This bug is no longer a duplicate of bug 209627
lighttpd (security) ssl fix
--
new lighttpd security fixes
https
*** This bug is a duplicate of bug 209627 ***
https://bugs.launchpad.net/bugs/209627
** This bug has been marked a duplicate of bug 209627
lighttpd (security) ssl fix
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a
Any news on this?
--
new lighttpd security fixes
https://bugs.launchpad.net/bugs/279490
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/u
CVE-2008-1531 has been fixed again
the other three aren't tracked with CVE
all four security fixes have patches agains 1.4.19 alternatively.
they don't seem to be integrated yet.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1531
--
new lighttpd security fixes
https://b
20 matches
Mail list logo