[Bug 1246886] Re: Please merge lighttpd (1.4.33-1) from Debian testing

Thu, 07 Nov 2013 04:21:11 -0800 

This bug was fixed in the package lighttpd - 1.4.33-1ubuntu1

---------------
lighttpd (1.4.33-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable (LP: #1246886).  Remaining changes:
    - debian/index.html: corrected BTS Ubuntu link for lighttpd.
    - debian/index.html: s/Debian/Ubuntu/g branding on the default page.
    - debian/lighttpd.conf: Comment 'use-ipv6.pl' by default, which causes
      failure to bind port in ipv4.
    - Add lighttpd-dev package:
      + debian/control: Added lighttpd-dev package; Build-depends on
        automake (>=1.14), libtool.
      + debian/lighttpd-dev.install: Added.
    - debian/control: libgamin-dev rather than libfam-dev to fix startup 
warning.
    - debian/rules: Add override_dh_installinit to set "defaults 91 09" to not
      start before apache2 but in the same runlevel with the same priority.
    - Added a UFW profile set:
      + debian/lighttpd.dirs: added etc/ufw/applications.d
      + debian/rules: install the ufw profile.
      + debian/control: Suggests on ufw.
    - debian/patches/build-dev-package.patch: Updated to reflect 1.4.33 changes.

lighttpd (1.4.33-1) unstable; urgency=low

  * Drop the connection-dos.patch - merged upstream.
  * Fix "mod_extforward missing configuration file": ship requested
    configuration file (Closes: #697304)
  * Remove access.conf, an obsolete conffiles as we should have done since
    2010 (Closes: #703215)
  * Push debhelper's compat mode to 9, the use of maintscript helper requires
    8.1 so we had to push the debhelper b-d anyway.
  * Fix "config.guess/config.sub out of date for arm64" by adding the patch
    provided by Colin Watson. Thanks (Closes: #726394).
  * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to
    add systemd support. Thanks to Michael Stapelberg (Closes: #713859)

lighttpd (1.4.31-4) unstable; urgency=high

  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.
  * Switch VCS to git
  * Push standards version (no changes)
 -- Mattia Rizzolo <mapr...@ubuntu.com>   Wed, 30 Oct 2013 15:52:50 +0100

** Changed in: lighttpd (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1427

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1246886

Title:
  Please merge lighttpd (1.4.33-1) from Debian testing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1246886/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to