lighttpd: CVE-2015-3200

Related Vulnerabilities: CVE-2015-3200

Debian Bug report logs - #787132

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 28 May 2015 21:54:05 UTC

Severity: important

Tags: security, upstream

Found in version lighttpd/1.4.35-1

Fixed in version lighttpd/1.4.37-1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://redmine.lighttpd.net/issues/2646



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>:
Bug#787132; Package src:lighttpd. (Thu, 28 May 2015 21:54:09 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>. (Thu, 28 May 2015 21:54:09 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2015-3200
Date: Thu, 28 May 2015 23:51:56 +0200
Source: lighttpd
Severity: important
Tags: security

Hi,
please see
http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
http://redmine.lighttpd.net/issues/2646

Cheers,
        Moritz



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 29 May 2015 03:12:04 GMT)


Changed Bug title to 'lighttpd: CVE-2015-3200' from 'CVE-2015-3200'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 29 May 2015 03:12:04 GMT)


Marked as found in versions lighttpd/1.4.35-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 29 May 2015 03:12:05 GMT)


Set Bug forwarded-to-address to 'http://redmine.lighttpd.net/issues/2646'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 29 May 2015 03:12:08 GMT)


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sun, 06 Sep 2015 06:06:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 06 Sep 2015 06:06:06 GMT)


Message #18 received at 787132-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 787132-close@bugs.debian.org
Subject: Bug#787132: fixed in lighttpd 1.4.37-1
Date: Sun, 06 Sep 2015 06:04:04 +0000
Source: lighttpd
Source-Version: 1.4.37-1

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787132@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 06 Sep 2015 05:37:20 +0000
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav
Architecture: source
Version: 1.4.37-1
Distribution: unstable
Urgency: medium
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 lighttpd   - fast webserver with minimal memory footprint
 lighttpd-doc - documentation for lighttpd
 lighttpd-mod-cml - cache meta language module for lighttpd
 lighttpd-mod-magnet - control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 787132
Changes:
 lighttpd (1.4.37-1) unstable; urgency=medium
 .
   * New upstream release.
     - Log file injection issue CVE-2015-3200 fixed (closes: #787132).
   * Add a debian/clean file.
   * Drop upstreamed patches.
   * Add upstream signing key.
   * Update standards version.
   * Apply the non-maintainer upload.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 09 Oct 2015 07:30:43 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:30:48 2019; Machine Name: beach
