Debian Package Tracker

From: <dak@security.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted bozohttpd 20111118-1+deb7u1 (source amd64) into oldstable
Date: Thu, 26 May 2016 04:10:10 +0000
Signed by: Markus Koschany <apo@gambaru.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 May 2016 05:46:07 +0200
Source: bozohttpd
Binary: bozohttpd
Architecture: source amd64
Version: 20111118-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Mattias Nordstrom <mnordstr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 bozohttpd  - Bozotic HTTP server
Closes: 755197
Changes: 
 bozohttpd (20111118-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2014-5015:
     bozotic HTTP server (aka bozohttpd) before 201407081 truncates paths when
     checking .htpasswd restrictions, which allows remote attackers to bypass
     the HTTP authentication scheme and access restrictions via a long path.
     (Closes: #755197)
   * CVE-2015-8212:
     Fix a security issue in CGI suffix handler support which would allow remote
     code execution.
Checksums-Sha1: 
 fdf7b070018dbb99f1e3395830d68dc2620aaf2a 1834 bozohttpd_20111118-1+deb7u1.dsc
 3e130483c827a6a2edf890c1216ab92731c3fd7f 56213 bozohttpd_20111118.orig.tar.gz
 efbd8f3fc65a67f4752ed6c97e99aea22bb74fb3 5772 bozohttpd_20111118-1+deb7u1.diff.gz
 00b8652075f10c2ab0bf3ae0947479fb3cc2dd21 44664 bozohttpd_20111118-1+deb7u1_amd64.deb
Checksums-Sha256: 
 35d115f580673ea6791709d198652914d83abccd03c24acf30acdc09a834ce7a 1834 bozohttpd_20111118-1+deb7u1.dsc
 6cb6ab6fb3b127af452ffd4ddbdd5e9c1676934bd19b8b5edc12c33e0fe4278d 56213 bozohttpd_20111118.orig.tar.gz
 8cbc434d63a54e6f48d5eee94c571447bdc1c3e1f90416d265c7227789b20964 5772 bozohttpd_20111118-1+deb7u1.diff.gz
 18b80dd0e31837e98805c171d2db398ade464fdd5eee62a0843fd864a3caeaaa 44664 bozohttpd_20111118-1+deb7u1_amd64.deb
Files: 
 db666391064add19e2ce3df08d3acde4 1834 httpd extra bozohttpd_20111118-1+deb7u1.dsc
 a067033495b153b6b6db2469ca3a2c04 56213 httpd extra bozohttpd_20111118.orig.tar.gz
 5d4adcadd70ea9e7e40eceb0a9ad6e5e 5772 httpd extra bozohttpd_20111118-1+deb7u1.diff.gz
 0fe6b2bd885afd57945ad28faec319d0 44664 httpd extra bozohttpd_20111118-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJXRnTKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkJ8kQAM5lPF/aqzV/pDSzBH6EBpD6
0cd3QjSsfW2mMiBZnOU8QqLAagZvxI6WWvLcnV7c4xJhnIs883GaKNKEMSk36ehc
X9NYGnISjTLWNq3XkzYHj4vwyQxwHhOYH5hZaqUiFbkJGWt124+0utkJG8s3QwIe
+WsPITzp7hEUrT32vqGh90EHwPmzl8kbGsp8+bZr9FJS9jVQNMbRkzo62zQt2gB2
aExbm0P2WACOzG5WeteHU4c3LR5Yv25IrYm5N7jpUXbfCGe3cHFaFpCXGbezrLS0
za5GYWEj5L0y0Nj2i1xsIKfyNFmQoqNT78o4dcGyhomXh+6wbDfitToGr3EvPW7z
HND2EGoKvGWTwPvm5bPIDbGc8uNeWThYjmEUFgXDnNm9LKPx2dEpf8KqoSGw4hiG
PI0rs3c74dQLSRBlfjyLJrsKIAwuI4LI1lxjCdLb6AEGcZOyw5z3M4dCJaKtnF0m
YgMz7ubY5iXFOj4Z4NIRkTg/+AC8g/4gv6EWoeFb1FSuA3wKYYdQhnbeRDL214k8
ZQcq6UJjr3kE/mVmuWsDppD39iEMAefRDLzTQJHcOc0pOmmZqbBw9ni+OAi/6g2g
u5F7qNQgRK5weviAseMfwkAKhWyVbjkkXzgZhwNcupByM5RKzUvQguBj8UxACnzJ
8U9zC5czAxLuq2iWsCuk
=qbyM
-----END PGP SIGNATURE-----
News for package bozohttpd
