Package: lighttpd | Debian Sources

Package: lighttpd / 1.4.31-4+deb7u4

Package	Version	Patches format
lighttpd	1.4.31-4+deb7u4	3.0 (quilt)

Patch	File delta	Description
connection dos.patch \| (download)	src/request.c \| 75 38 + 37 - 0 ! 1 file changed, 38 insertions(+), 37 deletions(-)	fix dos in header value split (cve-2012-5533) Fix DoS in header value split (reported by Jesse Sipprell; CVE-2012-5533) Any client which is able to connect to lighttpd can cause a DoS by sending "strange" Connection headers, for example: "Connection: TE,,Keep-Alive". This patch fixes the issue.
cve 2013 4508.patch \| (download)	src/base.h \| 6 5 + 1 - 0 ! src/configfile.c \| 12 10 + 2 - 0 ! src/network.c \| 219 172 + 47 - 0 ! src/server.c \| 3 3 + 0 - 0 ! 4 files changed, 190 insertions(+), 50 deletions(-)	---
cve 2013 4559.patch \| (download)	src/server.c \| 15 12 + 3 - 0 ! 1 file changed, 12 insertions(+), 3 deletions(-)	---
cve 2013 4560.patch \| (download)	src/stat_cache.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
cve 2013 4508 regression bug729480.patch \| (download)	src/network.c \| 8 8 + 0 - 0 ! 1 file changed, 8 insertions(+)	---
cve 2014 2323.patch \| (download)	src/mod_mysql_vhost.c \| 14 12 + 2 - 0 ! 1 file changed, 12 insertions(+), 2 deletions(-)	fix cve-2014-2323
cve 2014 2324.patch \| (download)	src/request.c \| 6 5 + 1 - 0 ! 1 file changed, 5 insertions(+), 1 deletion(-)	fix cve-2014-2324
CVE 2014 3566.patch \| (download)	src/configfile.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	cve-2014-3566 Disable SSLv3 by default and prevent the POODLE issue alias CVE-2014-3566.

Patch	File delta	Description
connection dos.patch \| (download)	src/request.c \| 75 38 + 37 - 0 ! 1 file changed, 38 insertions(+), 37 deletions(-)	fix dos in header value split (cve-2012-5533) Fix DoS in header value split (reported by Jesse Sipprell; CVE-2012-5533) Any client which is able to connect to lighttpd can cause a DoS by sending "strange" Connection headers, for example: "Connection: TE,,Keep-Alive". This patch fixes the issue.
cve 2013 4508.patch \| (download)	src/base.h \| 6 5 + 1 - 0 ! src/configfile.c \| 12 10 + 2 - 0 ! src/network.c \| 219 172 + 47 - 0 ! src/server.c \| 3 3 + 0 - 0 ! 4 files changed, 190 insertions(+), 50 deletions(-)	---
cve 2013 4559.patch \| (download)	src/server.c \| 15 12 + 3 - 0 ! 1 file changed, 12 insertions(+), 3 deletions(-)	---
cve 2013 4560.patch \| (download)	src/stat_cache.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
cve 2013 4508 regression bug729480.patch \| (download)	src/network.c \| 8 8 + 0 - 0 ! 1 file changed, 8 insertions(+)	---
cve 2014 2323.patch \| (download)	src/mod_mysql_vhost.c \| 14 12 + 2 - 0 ! 1 file changed, 12 insertions(+), 2 deletions(-)	fix cve-2014-2323
cve 2014 2324.patch \| (download)	src/request.c \| 6 5 + 1 - 0 ! 1 file changed, 5 insertions(+), 1 deletion(-)	fix cve-2014-2324
CVE 2014 3566.patch \| (download)	src/configfile.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	cve-2014-3566 Disable SSLv3 by default and prevent the POODLE issue alias CVE-2014-3566.