-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 22 Mar 2014 03:06:59 -1100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source amd64 all Version: 1.4.35-1 Distribution: unstable Urgency: low Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org> Changed-By: Arno Töll <arno@debian.org> Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Closes: 713860 730379 741497 Changes: lighttpd (1.4.35-1) unstable; urgency=low . * New upstream version (fixes CVE-2014-2323, CVE-2014-2324) + Delete patches: cve-2013-4508.patch, cve-2013-4559.patch, cve-2013-4560.patch. Those are all cumulative included since lighttpd 1.4.34 * Acknowledge NMUs by the security team * Make the init script wait until lighttpd really terminates. * Change the default document root /var/www/html (Closes: #730379), add a Lintian override for it * Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is recent enough for systemd (Closes: #713860) * Reorder LSB init dependencies, add $local_fs to it * Add hardening flags to lighttpd. Thanks to Michael Gilbert for providing a patch (Closes: #741497) * Remove W3C logo from index.html to avoid inclusion of images hosted elsewhere * Push standards version to 3.9.5 (no changes needed). Checksums-Sha1: f9cab04d94abb919e8610d2db855b70705d62971 2704 lighttpd_1.4.35-1.dsc 90c22d55c9656494d772deb62e253aa35bb5221d 847321 lighttpd_1.4.35.orig.tar.gz 60cc018618fec77a8abd0ccf25bcaa998bef0bd4 25168 lighttpd_1.4.35-1.debian.tar.xz a2c36592d0a1f47ceb892322227416171d7db5c5 240052 lighttpd_1.4.35-1_amd64.deb f75c3e67c2817324dd21558a65bfa71e986dc5c1 60810 lighttpd-doc_1.4.35-1_all.deb 992a9a6534b9e7daf94fee5c102b45257b261ddd 19466 lighttpd-mod-mysql-vhost_1.4.35-1_amd64.deb 69ae50f9f763315b97211224cddf96d9b77cfe53 20698 lighttpd-mod-trigger-b4-dl_1.4.35-1_amd64.deb 0a630ad930e7b3b730687b3175ec29fec755624f 23192 lighttpd-mod-cml_1.4.35-1_amd64.deb 4325b2e1eaf1ea7893a8104cc7e5786487dc1857 24002 lighttpd-mod-magnet_1.4.35-1_amd64.deb 0f7e8c12fb25338a1582475139d19a315f5d0257 29448 lighttpd-mod-webdav_1.4.35-1_amd64.deb Checksums-Sha256: 91c867d164d7b74df857d22edc3030ac8c9238d718c1a4530a2908c6152e052d 2704 lighttpd_1.4.35-1.dsc 62c23de053fd82e1bf64f204cb6c6e44ba3c16c01ff1e09da680d982802ef1cc 847321 lighttpd_1.4.35.orig.tar.gz b73afa77e991390bbde5d8d2e07ef95ef182f4daf380f0879734d57102049824 25168 lighttpd_1.4.35-1.debian.tar.xz 4ad88d2d0c34009e2af19980d2fe5e6ac614e80a2d34dd73bbc62d1e3a4f87af 240052 lighttpd_1.4.35-1_amd64.deb 42a9d8b54221d2112262829a5df1f67d8985eb5fab755e91c08cf21689007cdb 60810 lighttpd-doc_1.4.35-1_all.deb a7355180ed9fdd0f2aff4d638a3b0f59f2ce29966bb22e1a7d63021cdaa801b1 19466 lighttpd-mod-mysql-vhost_1.4.35-1_amd64.deb 07fa48072842d16a5156a9f363223b30f5995388e99ff2f892696fa0d81efe04 20698 lighttpd-mod-trigger-b4-dl_1.4.35-1_amd64.deb b491cfe18fbe95abdd79bba991b5b1011fdbd0c72ac522f3cc0e8a142577f546 23192 lighttpd-mod-cml_1.4.35-1_amd64.deb 09e53f37346f074b97939950ba8384809739c3e1e5fd9dcbeea6b54a277d51c0 24002 lighttpd-mod-magnet_1.4.35-1_amd64.deb f3de1cc963f583eeb95602c5e4ca018dd6b08c929e7a5a6ee68da6dbbfd901e6 29448 lighttpd-mod-webdav_1.4.35-1_amd64.deb Files: 9b6b842181b056427e39cf2f89580d05 2704 httpd optional lighttpd_1.4.35-1.dsc 69057685df672218d45809539b874917 847321 httpd optional lighttpd_1.4.35.orig.tar.gz 5396cec339fd68c40accff0a4f89185d 25168 httpd optional lighttpd_1.4.35-1.debian.tar.xz 6f305689557b80623a95ae42222780fc 240052 httpd optional lighttpd_1.4.35-1_amd64.deb 3046a358c8fc2d8589a9324ed70e850a 60810 doc optional lighttpd-doc_1.4.35-1_all.deb c2781b1be204149d1079f96cb55f7434 19466 httpd optional lighttpd-mod-mysql-vhost_1.4.35-1_amd64.deb bb57f628b630bf854cc8fa4c05c72526 20698 httpd optional lighttpd-mod-trigger-b4-dl_1.4.35-1_amd64.deb d4728adae68b039becf2b6ece6bb5cbd 23192 httpd optional lighttpd-mod-cml_1.4.35-1_amd64.deb 28d81761cc533098d0e5a93e37fb7bbb 24002 httpd optional lighttpd-mod-magnet_1.4.35-1_amd64.deb 97343536ac911296b19b9e779132a372 29448 httpd optional lighttpd-mod-webdav_1.4.35-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJTLaReAAoJEMcrUe6dgPNtRR4P/AvNVrxV9lNAGCwbwxH4DSol nJz9Kri1iTjFY69QE+9E8xrKVJ6kP6sGBhRPX0fnrqAXlBDmhVoRLcC/bYt/qbA4 eZ1ESog6n3PMjK0JapXbjc3Y42PXyBdvjeE/hLjJ9LS4SDXbJt+WlYYB//Zo3xnq G8LQTQhGArjaBosJitpqv7fhP0q0mWNUgYq/tGB38EZA7jphOiD3Ih066NpbHJMq jOX79XE5GQRKKOEB/TQaFJNnF/j64++DmfTcOz49BO/OSpnJyfjXq8TaKxF2rDlP YtnEPNgIfOSeDSkaMom4TKWKNyrv4NWTU08lH07lx4dI8b4TkIMyq3P3G9D8x0fw lVYz4M9in74WoR81dqMO4+lXb1HvaBefD5AJmYVEjW8l22E2eoMBhoc+dQUjBGui lkLlJW9zqQQ72Hsgac+HQ0IkNTmAA91091Ey6i5gV0Btt5vGDSoenA5DCSZoRfSb v7npz0Ge2DoIW2pQCkdz/YA7cKM1+eQTZCO+3ZFNaOkl18rHG3LWiHRQ1dVK0GST sew/mG1/QbO72lEbieFDR+JY9RsxvfZsAqLbSdKF77rauflO2Rq9CKwYCrQkqV86 PSFpSusbEdSJwvuT14FgbtDJjN5Lf4esUk1iGlvwM8s8TDVBDcbpQ7dUuvDDcDD9 lcTLPJPBxGY4lmh8Eo+2 =T2hL -----END PGP SIGNATURE-----