Your message dated Tue, 11 Sep 2007 12:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#441787: fixed in lighttpd 1.4.18-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: lighttpd
Version: 1.4.13-4etch1
Severity: critical
Tags: security
Justification: arbitrary code execution
Bug info:
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
Patch:
http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages lighttpd depends on:
ii libattr1 2.4.32-1 Extended attribute shared library
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpcre3 6.7-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
ii php5-cgi 5.2.3-0.dotdeb.0 server-side, HTML-embedded scripti
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.18-1
We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:
lighttpd-doc_1.4.18-1_all.deb
to pool/main/l/lighttpd/lighttpd-doc_1.4.18-1_all.deb
lighttpd-mod-cml_1.4.18-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.18-1_i386.deb
lighttpd-mod-magnet_1.4.18-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.18-1_i386.deb
lighttpd-mod-mysql-vhost_1.4.18-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.18-1_i386.deb
lighttpd-mod-trigger-b4-dl_1.4.18-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.18-1_i386.deb
lighttpd-mod-webdav_1.4.18-1_i386.deb
to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.18-1_i386.deb
lighttpd_1.4.18-1.diff.gz
to pool/main/l/lighttpd/lighttpd_1.4.18-1.diff.gz
lighttpd_1.4.18-1.dsc
to pool/main/l/lighttpd/lighttpd_1.4.18-1.dsc
lighttpd_1.4.18-1_i386.deb
to pool/main/l/lighttpd/lighttpd_1.4.18-1_i386.deb
lighttpd_1.4.18.orig.tar.gz
to pool/main/l/lighttpd/lighttpd_1.4.18.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Krzysztof Krzyzaniak (eloy) <[EMAIL PROTECTED]> (supplier of updated lighttpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 11 Sep 2007 12:45:11 +0200
Source: lighttpd
Binary: lighttpd-mod-mysql-vhost lighttpd-mod-cml lighttpd-doc
lighttpd-mod-trigger-b4-dl lighttpd lighttpd-mod-webdav lighttpd-mod-magnet
Architecture: source i386 all
Version: 1.4.18-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers <[EMAIL PROTECTED]>
Changed-By: Krzysztof Krzyzaniak (eloy) <[EMAIL PROTECTED]>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 441787
Changes:
lighttpd (1.4.18-1) unstable; urgency=low
.
* New upstream release, fixes CVE-2007-4727 (closes: #441787)
* lighttpd-angel is installed but not used yet
Files:
40d0e27f312d5574e6019dd734b398b8 1254 web optional lighttpd_1.4.18-1.dsc
5db3204d57436a032f899ff9dbce793f 803361 web optional
lighttpd_1.4.18.orig.tar.gz
b6c3fadd4b23e564190c6d9bd41e9124 19379 web optional lighttpd_1.4.18-1.diff.gz
89e7bbd7b34b78ac56ebe09963762ba8 104478 doc optional
lighttpd-doc_1.4.18-1_all.deb
14c8200864fd1765507c54125af836b6 297160 web optional lighttpd_1.4.18-1_i386.deb
232d2077eafcab124261ad3a55a7835e 62698 web optional
lighttpd-mod-mysql-vhost_1.4.18-1_i386.deb
e211d473291da2418f2e4e0de3e06441 64430 web optional
lighttpd-mod-trigger-b4-dl_1.4.18-1_i386.deb
363c0a1f658efd71ec752e934116b5f2 67326 web optional
lighttpd-mod-cml_1.4.18-1_i386.deb
82620b92b25e124cfb6b041eae2459ff 66866 web optional
lighttpd-mod-magnet_1.4.18-1_i386.deb
4780da3de8d7b3a4448e1ce0565002d1 74646 web optional
lighttpd-mod-webdav_1.4.18-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG5oM1y+HP4f7iC8sRAtaxAJ95lgRtf06dtLnKllbXAS2UyInb4gCfZMdH
Crg1NacixWcUew+KnkxqFUw=
=S4JY
-----END PGP SIGNATURE-----
--- End Message ---
