[pkg-lighttpd] Proposing a change for Lighttpd (CVE-2011-4362 and other)
Nico Golde
nico at ngolde.de
Mon Dec 19 16:08:00 UTC 2011
Hi,
* Arno Töll <debian at toell.net> [2011-12-19 09:31]:
> I'm proposing the attached diffs for (old-)stable-security. They fix the
> following issues for stable and oldstable:
[...]
> Note, upstream commit 2810 does not fix the issue all alone. It is
> needed to enable the suggested workaround to limit the impact by
> changing the configuration. I wrote a NEWS file giving instructions to
> the site administrator and updated the configuration files accordingly.
Thanks for contacting us. The update looks good. I will release this tomorrow.
As for unstable... I can sponsor the update if you send me a debdiff.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20111219/649732d6/attachment.pgp>
More information about the pkg-lighttpd-maintainers
mailing list