Bug#741493: marked as done (lighttpd: SA_2014_01)

[Debian Bug Tracking System]

Your message dated Thu, 13 Mar 2014 01:50:13 +0000
with message-id <e1wnumj-0006x5...@franck.debian.org>
and subject line Bug#741493: fixed in lighttpd 1.4.33-1+nmu3
has caused the Debian Bug report #741493,
regarding lighttpd: SA_2014_01
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
741493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741493
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

package: src:lighttpd
severity: serious
version: 1.4.28-2
tag: security

lighttpd just released a security announcement:
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

This was assigned the following CVEs:
SQL injection - use CVE-2014-2323.
path traversal - use CVE-2014-2324.

Best wishes,
Mike

--- End Message ---

--- Begin Message ---

Source: lighttpd
Source-Version: 1.4.33-1+nmu3

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 741...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated lighttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Mar 2014 00:29:44 +0000
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost 
lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet 
lighttpd-mod-webdav
Architecture: source amd64 all
Version: 1.4.33-1+nmu3
Distribution: unstable
Urgency: high
Maintainer: Debian lighttpd maintainers 
<pkg-lighttpd-maintain...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 lighttpd   - fast webserver with minimal memory footprint
 lighttpd-doc - documentation for lighttpd
 lighttpd-mod-cml - cache meta language module for lighttpd
 lighttpd-mod-magnet - control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 741493
Changes: 
 lighttpd (1.4.33-1+nmu3) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team (closes: #741493).
   * Fix cve-2014-2323: mod_mysql_vhost SQL injection.
   * Fix cve-2014-2334: traversal through paths involving "[...]".
Checksums-Sha1: 
 084de4dbf78a27f6b418ec7e85cddeab6e467414 3396 lighttpd_1.4.33-1+nmu3.dsc
 ad837e956d686e090c2e7d5a1ac0c05ce12a5942 29300 
lighttpd_1.4.33-1+nmu3.debian.tar.xz
 ee94bdb1d9ceca25a3e5d1397e51fd37a21ccce6 234332 
lighttpd_1.4.33-1+nmu3_amd64.deb
 e9b57f1bd2783a3c13f4da3c54ac3fbd29f2d15f 60658 
lighttpd-doc_1.4.33-1+nmu3_all.deb
 cecafc4bea7f8dfeed6fd67b3638f2bc90f61ad7 19210 
lighttpd-mod-mysql-vhost_1.4.33-1+nmu3_amd64.deb
 6fd8072b7203238a784bf5487c25e18a394a8691 20456 
lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu3_amd64.deb
 cda85e6e819a5612cd2db77c4449eaa120b7ce20 22946 
lighttpd-mod-cml_1.4.33-1+nmu3_amd64.deb
 a272acbe051789ca32226a5e7a224c1941130d2d 23784 
lighttpd-mod-magnet_1.4.33-1+nmu3_amd64.deb
 ad0e8ecab87786658d148ce972f589e39f07ec12 29224 
lighttpd-mod-webdav_1.4.33-1+nmu3_amd64.deb
Checksums-Sha256: 
 697b630c7a00c4b6e7b5d0fa1085394c4c7f3a4e87a0e3d8d6fc918a606d0950 3396 
lighttpd_1.4.33-1+nmu3.dsc
 1ef0ba4d3ec31a14e956a7d759ed4414228aee317d337a44a932016fc4620b8f 29300 
lighttpd_1.4.33-1+nmu3.debian.tar.xz
 b88921c0e7ac9f5557fd0cddd0c33a8c6f8e3eb99c8fa727ab5c1cd7eaf57dc0 234332 
lighttpd_1.4.33-1+nmu3_amd64.deb
 8e9ce06f76b7566ae5ca2923c589687e3b724bcfca0dd95c320df1525d009605 60658 
lighttpd-doc_1.4.33-1+nmu3_all.deb
 a88435d687f072d566d0a59739cd547d5bf9743f13c4b55f9ffff1bc68d00cc1 19210 
lighttpd-mod-mysql-vhost_1.4.33-1+nmu3_amd64.deb
 ce1bbc904b4b2fc2fd7e54a6dab990251b007d7e25c15270e9bd1a4b726b362a 20456 
lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu3_amd64.deb
 9646b8a76e237b951dd46bd20eb00d8c160e1154870894931e47e3c56b61cc18 22946 
lighttpd-mod-cml_1.4.33-1+nmu3_amd64.deb
 5221e84df733d06450902dfa6d69d324eb87e296bffd57f432960851375914ed 23784 
lighttpd-mod-magnet_1.4.33-1+nmu3_amd64.deb
 42514fcf635e50eaf191341e1542d0fbcbc0db862d864bbadfa6dc55072d5b68 29224 
lighttpd-mod-webdav_1.4.33-1+nmu3_amd64.deb
Files: 
 cbefa19c46a409cab59c65bfaf70853c 3396 httpd optional lighttpd_1.4.33-1+nmu3.dsc
 c8667e73921f7f4020decb548e857b4e 29300 httpd optional 
lighttpd_1.4.33-1+nmu3.debian.tar.xz
 ab33c4610ec884908886ee84ecae3d52 234332 httpd optional 
lighttpd_1.4.33-1+nmu3_amd64.deb
 76536d345e7779200882531fabe77d9e 60658 doc optional 
lighttpd-doc_1.4.33-1+nmu3_all.deb
 da1ccf0ff80594ad85490242b21936f2 19210 httpd optional 
lighttpd-mod-mysql-vhost_1.4.33-1+nmu3_amd64.deb
 c199ada5a689bc7ec1d808632e4b5548 20456 httpd optional 
lighttpd-mod-trigger-b4-dl_1.4.33-1+nmu3_amd64.deb
 f69cf0d989947d058e1a94e5dd23d9a1 22946 httpd optional 
lighttpd-mod-cml_1.4.33-1+nmu3_amd64.deb
 6f985981132541e163c6c6b1bc88c36c 23784 httpd optional 
lighttpd-mod-magnet_1.4.33-1+nmu3_amd64.deb
 29d20e5174281b664c3db091bc2c8df9 29224 httpd optional 
lighttpd-mod-webdav_1.4.33-1+nmu3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJTIQqIAAoJELjWss0C1vRzN38gAL30NFxSNf+wClZqDo5y7iDA
GnM0UuCY9Xb9gRAna2krSnaSz/tjaldDRIaJnCWvRVWlaL9J0TAFVGnYqRWjduDT
VTeHEvUnLP08orZaMgxAdkIb5pc3BoHQ+7cUaWC0NiV9SAI7L1mjePApzASU43b3
IDKGJMF4+uxsgj+1zaIBcatHCV7F3g87deRlWtyUEwDYLH/Qmg5/WGtOEtYqHVxK
jFEszKJyznzivmwPiaLs0xcfpvFa7Kx7Rf+KD4aNxB/1RLYzM9KwE17Sz0F0cRHA
8nIwns69Xam/NhdGevBmDMsvoE16yD+UEAdHZ2//Y4WgwYJoI7hkVgrRMyCi3+10
Lp7+N60Q7BDfozLi/fkbpzk9z4Vxecy+WmRtQmm8Uf90qamO+7Tx/qxFDc18G3lg
aXXr7qQv8kC49dLuD23hkQZjTlrTlkP7VUi95KvhxfpyfkQbT4Iz2uRB9qjY0ZeL
oiS7Qo9P7CDwO/Z6TKz8w0IcsW7F+kAOcKbH9e/84tRcreodK6c7RrLn4wWmYov7
nJqLX4cU3ctzilrcrrcubu4lLTU47FyyT19N0/782NQrvypGtSPNnL13J+nkseq6
CW4ZPQQas4yl8uoi8/iyBj641GRvfPATt2NFh5eObQJ4lIEMyChNHESXTvzyQQ3i
3X6to2icw71WEirwY5QwLSlqPj2J5CGs+QEgykJemWqrb3xiN4xEg6A2wr0x0+dW
X/ldyUrIlMzpofadyfNa1W1hIUyPBSB71qqWoSjqkJb1ypTqj4o9cw++vgmVBWCd
YnJGd/ge68tQO/eFTL4QypfZBadGQDR21aKfm6KUHsVmKeETnYylYt9eoU04srWl
RrNqfmAmpL/0UP1WNU22hbrEh3OwoIYwgQSoQW8F08HcByOkBzhCUDQ5qzdv0zKi
kr5Q/Zvh/wGyf4Kl5j56mBrpJ0EwBWG+vBd8qUwUigLrauaQMb5+GG8ZYg23RjO7
TZeAnSOF//S63n5IAICsw4UJ4SBIaeurUMlpTI4yETaxMcagqXuY4gIHGseOmmkL
YcwpcdM1lc9ZmqOsH0UGBHK73O3FUMuYH2kakEeOi5OSR8n5jIbOnSQjJG4ltJR/
XhCLc/+ib+4i+gPpvswjKC+04f/TO7Y3ThpTm5vaPvtPzwFto8NlsN5hdENDQRm4
bhQqErxyqBkPBilHaf1RnXVJjM3yNJAf98H+K75fPMMK8xwRnHl2T1Id3nFpvoeP
SUVt3z6DjxQZRZVYsYgIyDVEpwbBJYzrJ9VrfOUku2brACOrmM0jR24q/DVNIfFT
/yLG0rzJc9fnzb7SGEL4JJ4wGyiH4Sh+OKT0wHYCAlnAcRHuN1B/O9M0mcnBdX0=
=Ze0i
-----END PGP SIGNATURE-----

--- End Message ---