Package: lighttpd / 1.4.31-4+deb7u4
Metadata
Package | Version | Patches format |
---|---|---|
lighttpd | 1.4.31-4+deb7u4 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
connection dos.patch | (download) |
src/request.c |
75 38 + 37 - 0 ! |
fix dos in header value split (cve-2012-5533) Fix DoS in header value split (reported by Jesse Sipprell; CVE-2012-5533) Any client which is able to connect to lighttpd can cause a DoS by sending "strange" Connection headers, for example: "Connection: TE,,Keep-Alive". This patch fixes the issue. |
cve 2013 4508.patch | (download) |
src/base.h |
6 5 + 1 - 0 ! |
--- |
cve 2013 4559.patch | (download) |
src/server.c |
15 12 + 3 - 0 ! |
--- |
cve 2013 4560.patch | (download) |
src/stat_cache.c |
1 1 + 0 - 0 ! |
--- |
cve 2013 4508 regression bug729480.patch | (download) |
src/network.c |
8 8 + 0 - 0 ! |
--- |
cve 2014 2323.patch | (download) |
src/mod_mysql_vhost.c |
14 12 + 2 - 0 ! |
fix cve-2014-2323 |
cve 2014 2324.patch | (download) |
src/request.c |
6 5 + 1 - 0 ! |
fix cve-2014-2324 |
CVE 2014 3566.patch | (download) |
src/configfile.c |
2 1 + 1 - 0 ! |
cve-2014-3566 Disable SSLv3 by default and prevent the POODLE issue alias CVE-2014-3566. |