Bug#422254: lighttpd: Security vulnerabilities in Etch version

Package: lighttpd Version: 1.4.13-4 Severity: critical Tags: security patch Justification: root security hole 1.4.13-4 in etch has two security flaws: CVE-2007-1870 CVE-2007-1869 I include a patch against the debian source of 1.4.13-4 with http://www.lighttpd.net/assets/2007/4/13/lighttpd-1.4.x_

Bug#419131: Patch for 1.4.13-4 in Etch

Hi, The version in etch is still vulnerable. I have patched it for local use. Hope the diff below helps. I used the two patches from http://secunia.com/advisories/24886/ : http://www.lighttpd.net/assets/2007/4/13/lighttpd-1.4.x_crlf_parsing_dos.patch http://www.lighttpd.net/assets/2007/4/13/l