-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Mar 2014 02:03:42 +0000 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source amd64 all Version: 1.4.31-4+deb7u3 Distribution: stable-security Urgency: high Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: lighttpd - fast webserver with minimal memory footprint lighttpd-doc - documentation for lighttpd lighttpd-mod-cml - cache meta language module for lighttpd lighttpd-mod-magnet - control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Changes: lighttpd (1.4.31-4+deb7u3) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix cve-2014-2323: mod_mysql_vhost SQL injection. * Fix cve-2014-2324: traversal through paths involving "[...]". Checksums-Sha1: fe12f9fe294fe40970efc4213b505d220fcab05d 3365 lighttpd_1.4.31-4+deb7u3.dsc 5a69704d112b1b0a17aa27054a5ed319ac50bd5c 33680 lighttpd_1.4.31-4+deb7u3.debian.tar.gz e60634a7725cf3fd24e7a215137925505f4b2434 305216 lighttpd_1.4.31-4+deb7u3_amd64.deb 7ecffe931a0d2c5231b8964ed71c4278d89b3df4 64044 lighttpd-doc_1.4.31-4+deb7u3_all.deb 7bf04c10f417e8ca62651dfe6c3d5cc31694685e 20452 lighttpd-mod-mysql-vhost_1.4.31-4+deb7u3_amd64.deb 30022894e2547f2599184f6522ebecba06393431 21898 lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u3_amd64.deb d0e5be82b989de86bafe2dd86d913dd5e5956395 25172 lighttpd-mod-cml_1.4.31-4+deb7u3_amd64.deb 6a47cd9834b5a345375acb9154863017229ce214 26362 lighttpd-mod-magnet_1.4.31-4+deb7u3_amd64.deb cd306f550da014aa73bf18676a36b31c7a62b114 32688 lighttpd-mod-webdav_1.4.31-4+deb7u3_amd64.deb Checksums-Sha256: 42754dd5acf0c9bc0d9dfc02db628802603bd3cc429dc1861a7da1cd3b478fd4 3365 lighttpd_1.4.31-4+deb7u3.dsc 4fdce2ce8fc6626080563dcc1ab1c4f3281743bf011e4d71ee5e0a5b3445fbf4 33680 lighttpd_1.4.31-4+deb7u3.debian.tar.gz f184fa68f0a329d22d6638c8cc666f6b1037ba4c12eeb1e51f0ccc18d693e0b9 305216 lighttpd_1.4.31-4+deb7u3_amd64.deb 1f225e3334e37a7fad06826e7b1e9a59159ab3fa9ad89fec580f63e7c3e1fac5 64044 lighttpd-doc_1.4.31-4+deb7u3_all.deb d0d840698a3173b9d8335b3efeef2ad9439569027e6794dc42cbaf87e999759a 20452 lighttpd-mod-mysql-vhost_1.4.31-4+deb7u3_amd64.deb 568f76806640f4a5aa45c88be47f9515dac28d7aa63782606335bc77677dd130 21898 lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u3_amd64.deb 793cf1695ed563fa2f7db9fa23aba798f2cc0abe152507163cfcf0d910507238 25172 lighttpd-mod-cml_1.4.31-4+deb7u3_amd64.deb 87ab1f52431de581816a10a22c8c24b8dc1e0194f1d0a8e16276a25110133b1f 26362 lighttpd-mod-magnet_1.4.31-4+deb7u3_amd64.deb 7bd3cbd19d2e30a64624ab82fa6e257a11e4176213efc6d5e10f5242bcff2710 32688 lighttpd-mod-webdav_1.4.31-4+deb7u3_amd64.deb Files: 7c491f94e5207ffa5f6178b1906c0e21 3365 httpd optional lighttpd_1.4.31-4+deb7u3.dsc 04253d05a7d0aa6738687aa34743c3bd 33680 httpd optional lighttpd_1.4.31-4+deb7u3.debian.tar.gz ceac4baee81d403656e68a3f09879cca 305216 httpd optional lighttpd_1.4.31-4+deb7u3_amd64.deb ebdde45bf1e636288dea5ffe7d2fc404 64044 doc optional lighttpd-doc_1.4.31-4+deb7u3_all.deb 7608f90a7e4a6db666978e6d6dce26d1 20452 httpd optional lighttpd-mod-mysql-vhost_1.4.31-4+deb7u3_amd64.deb cfa5a247e14f890af90805e7554a1264 21898 httpd optional lighttpd-mod-trigger-b4-dl_1.4.31-4+deb7u3_amd64.deb ce62215d8a4846a49ab5a7267021504b 25172 httpd optional lighttpd-mod-cml_1.4.31-4+deb7u3_amd64.deb 632b2f85a6a0b0f18634e79485b799a8 26362 httpd optional lighttpd-mod-magnet_1.4.31-4+deb7u3_amd64.deb eec3df13a886ae0e890c179ffe68de3c 32688 httpd optional lighttpd-mod-webdav_1.4.31-4+deb7u3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTIRWSAAoJELjWss0C1vRzCQIf/0CN/iabXx24dCSZIk/b3DN3 JCr7TS5RJWI0mW+/e+HnVb1GJ70E3FY553GRog3daTnqnyBD7bu83QtPf3O0lqbP dgKD0h6AmHYY+J9HV74oS9+w//BZn61Fv+DKMlLfDTgqcXlrfMvSOkw1b7dW1v3G f/vVRz2pJ2OxIa+t+c4IHV7Xj07hej5RYe+AZJseF8A6rbp8MO45mgd+WuYeE5xH qXGtioWMj2BhDVqs1oFQxGpvRWvolkKCMOSULL/7P0+qz8tBLPXbkvWiwzlbZNvF zj3TIc0n+WAqJtKP2MZnu/gFs9PMOGaUIPdSl1EE4X+VdKe0fd/u+jzJn2f4qTCw gulVq/FNn34DFNErdue2IW7zM7RimWGtBXeQzVT+ZsYGo0vPZLT35uMvEznZNq17 h9KwRdD5tdFviS8dQ4pTe9chW1ZHMn85+NifmvDK2sxGw+2hzHkA006dKjmu1pgk aLZuuq8c+SwO+u0wz6Suzb2g2Rprmzv+w1mziI5+xB82mCAz8mNXqYHgK91Na/v+ iwtdTDiPxT1HOLbZa6SS040RfIb6GG5w6XAaIfsEzFURFXnXYLDwL9Qb578AHJkb O2sxAeNjdlyLWJmn3dtgQWmi1BtBFb/cOBR7ephby6wD5UISks2pEIJXDuNfY3s/ SmyVpca6dGA3dOIkHP1EhQ5Us316uwM5BUOvvX87SJTuExoP0DAh2b0p/kB7j6j3 tiF9Kp2bRlYDgX+/DcAjg3xefzyEwmisKo9BN4K4Euzh4rYr18BoKw2c3RzZqlri 71z1TWdWXDvVXI2btvpmVZVdcgvQ/LYs3QWEjdfEzpbgj6dqD3duJHm7YaKPnCto Hltzl573KQhKEtNYjsGd8NYDYmKrwuC9zzHihsv3NyuK+aeMK9ZepTKg5thIoxkq IMUxEQM4WmqCYpOQvDNMG6m/blN6nAgqlWQgHkdX7nP0igBo4yQFSc34XqG9PCt6 Uy/AQnHz6484WG6qqSyogBkk60HeQY7Lkh6ptMq9vN0GsKQIdE/GfykFE91WPWZ0 5mFfQnhV3Jh5EDdj/VHcQbSQLm44m7APD//gm3pXLOM16ftxLzTFfHu+9rPybfVn c8WSEI+JTAYnQGBJs1XjNDxTz9nXB2YCs2OpaH0xciOw/GcN+qKI0jnXJEeHKfci WZlNGc5uoOLRLrB7cqjYyaJMrK55bpMUflhJA4w/JgKqq7QZ1YLKTql6Blc+2q5C VnTwt1LKweEh/S1faphbS5OGymJMLsy0lYa6XK/qPBFaAg2bsmYGlxoaANoPqfAq BddnBDSJdH3vBLt5/xexMDbqWwTkYR/64xvaRYBtKrrI5rDg5amJY4L/nLVlFNQ= =BQo3 -----END PGP SIGNATURE-----