-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Mar 2014 02:10:46 +0000 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: source amd64 all Version: 1.4.28-2+squeeze1.6 Distribution: oldstable-security Urgency: high Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org> Changed-By: Michael Gilbert <mgilbert@debian.org> Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Changes: lighttpd (1.4.28-2+squeeze1.6) oldstable-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix cve-2014-2323: mod_mysql_vhost SQL injection. * Fix cve-2014-2324: traversal through paths involving "[...]". Checksums-Sha1: 37cc0cc992a18c56ec6552c15bf10afe875639e5 3001 lighttpd_1.4.28-2+squeeze1.6.dsc 21987235c884269167a866639bbb4066bd9e29e3 36142 lighttpd_1.4.28-2+squeeze1.6.debian.tar.gz f5a627120107c1fa82bf56006c27aa523fe35e20 289196 lighttpd_1.4.28-2+squeeze1.6_amd64.deb 0b1112d0b733d7350846fc9bc878489a235ea4a6 19670 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.6_amd64.deb e5657ae5d54bca7fc0ebd32bcd51878e861348e2 21126 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.6_amd64.deb 58647df3948005142b21e465df207e1931db792f 24220 lighttpd-mod-cml_1.4.28-2+squeeze1.6_amd64.deb 2b26fe1880e0a33c66ecbdb55b371aa2a252161e 25474 lighttpd-mod-magnet_1.4.28-2+squeeze1.6_amd64.deb 060ab40feca576822b57fdc2a57a97a92da0103c 31758 lighttpd-mod-webdav_1.4.28-2+squeeze1.6_amd64.deb a81d19602ae487f24e6bc8cd456682a6fa59d741 64000 lighttpd-doc_1.4.28-2+squeeze1.6_all.deb Checksums-Sha256: aefcd474cb897652f513d959985d6efd628cdf7f252afbb4aa3848f09133befd 3001 lighttpd_1.4.28-2+squeeze1.6.dsc c06f3f3a60d2b6db660db08110d52e55d32a92f8fc1b5da4bdaf227494278b39 36142 lighttpd_1.4.28-2+squeeze1.6.debian.tar.gz a16538e2c6299ff8453cf9063d3087dcb666af5027a0c3eaeb091bcd241e41cc 289196 lighttpd_1.4.28-2+squeeze1.6_amd64.deb 83f9b9ea8867ba4f95a23dd4d99de68862f26ac55fd266abb407d161a9fd74a8 19670 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.6_amd64.deb 39530fce6a05557110fb2d49f9b2c98bc6fde48f85b78a6ce60457dbd502b7f2 21126 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.6_amd64.deb 2eb37eb83b3f11ab159dd8d65d393eb8e20f2d5091274460c4d441e0b6699921 24220 lighttpd-mod-cml_1.4.28-2+squeeze1.6_amd64.deb 88d7fe6718f18d080ace2926f7dd68ed4ae6aaedef9cca41e1713d0d31e28136 25474 lighttpd-mod-magnet_1.4.28-2+squeeze1.6_amd64.deb 3aed9df40835f8033150e8961efc35528cc54b3b756021f7a787b5e524c21d94 31758 lighttpd-mod-webdav_1.4.28-2+squeeze1.6_amd64.deb 1d2438e9e52f8785d88fdfc0a9e666ffc14a51b32016506c0c0ff8e3b47bac05 64000 lighttpd-doc_1.4.28-2+squeeze1.6_all.deb Files: 4dcb0c9b9e977fcf89a160b1f25fb5e5 3001 httpd optional lighttpd_1.4.28-2+squeeze1.6.dsc a343fce9020d058cfcca5bdd8d47b3c1 36142 httpd optional lighttpd_1.4.28-2+squeeze1.6.debian.tar.gz 9ec11aade38994d389bb718f61e7dc26 289196 httpd optional lighttpd_1.4.28-2+squeeze1.6_amd64.deb e42c467635521e1b7929011eaef1ff1a 19670 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.6_amd64.deb 7b9d810f13e26d53305fbf2430e9afd2 21126 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.6_amd64.deb a4b13c94cc54fea0f87bc9e2b6ddb631 24220 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1.6_amd64.deb 1facfc0d3e2fd41f661dcadd3c814ae6 25474 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1.6_amd64.deb 73ae914a675462c1ca8715f67c11d077 31758 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1.6_amd64.deb dc3df56f50de6be19b984b13e9e47b5f 64000 doc optional lighttpd-doc_1.4.28-2+squeeze1.6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTIRXlAAoJELjWss0C1vRz1pEf/0VfujYlX2SM2rRsaU68qCpL liXahjXWUrdf1E+z2tCKfB1V6HaYek5Iz4TaiSTwHAjYBtC9n5TXh+ju0gLncGr0 ziHH4f6mIaJnl9FH+emZBLlLVCwXY3xU+jJBFEkuyP/KrhSFviuCOBVvTs5Rirkm soHPAVxe3QnFbwX4YIMxfXNWtt5xGmxuRpz5wSYIFi9t+/x0Q0F4A3fZ5OPI4S06 B9ZXwUii/6DfcxBq4EHdwBu3TruWGSLxKs7MYvG7Pn7yMZ5HjZzSdVdvKCZi+if0 dErq8BLOnY9voptAWAe8eYsRLx0NO9BrhILsZ6Hu/I/RW38tZxCA53gR8AGUuz64 ILFNyG0n4VMbmOThdDyBTpPRMUTDwizob8PuzXUyzTiSjMSjrvVVhtATYSM/MoM0 oecdmThOdcK918kB7QgwysFj+zXVQde8wJ2LrSRZnVcUyNlT0FTejpd+rDKPOqtu j/Vp2GJBSV2WxrCIBbdNtbCWan+7NTb/NDz5w+YjBFFHLEim1CxtNYr1zpxtK2Ry ElOuO9eCcKO+Oc4Pl70GGLGJ9mTm3h5ltsl5YqyIVmLyjqtLjmat+CzalN0Xbbwo uglKDAStmqaAUvbC5ukuuVtYG2epZOWnNQFx1AsodJKsEcdQhKuGykqzAfNgbxbD eHW2CsKvlPiJwkzjSW8xigb0ClFHBxmIhHQIizmtakHXNxtVMm0FGN/HKuIiFkFg 5gHmrxERs9QNqCjQtJRvrXK/WMth6O1pka5ol3WEHBHxA+GC3TrTDwdzp+FVscmW dButDcsOUYGlGsurDQNMkctQ7PqkujMSsGvyiOOYsXte8OT3EzoaIlVq//fMoXdP UZ1+3B2IjMv61NtKepY1EUEE5XpRCkd57IkKbHRyWBeoHv7mXYkif8IY92A+6m6p a+zCgknQ6uTmLCvOvmxnRdQqZC0Dp2IX+K/gy6uCaZGSGlZnK/nMSk+GCPrrYaiQ yTYJm0Ao8B2hOH0ZcsSUqIH4EB2xR2KfnNfl+GLAUWL6X306mJGFaSr+f4X15wEd UJbOHL0G6/hV+anOolumHpvbl2BpyOJcLcvLYcm3fCMpz5f6o3BUdwF0zsJ8fGHb yFmpUT2d6IW8YMrxEVkxPJE8A5NMep31DYVS6BPfrrckew4Ap+QcpMtaKmqsCxh+ vhM5UwXVURmGx9cuioftsdA45JCFvznyeOZYcnIZGjeeu8AHmbFqn25BwJ7tY2bO zAuLDWd4wJbIQvmGvP1B77/4CjVv+05kJd3HxZI5xJ2B+7SClHukTVAeedz2jspi K7iVhYzb/8a95vLYAG+zhWlcCKKn55Cn4ThbJ4CNUMj1Kf5opGDFcJm54pqrPMM= =KSkF -----END PGP SIGNATURE-----