Accepted lighttpd 1.4.28-2+squeeze1.1 (source amd64 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 12 Feb 2013 13:56:53 +0100
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav
Architecture: source amd64 all
Version: 1.4.28-2+squeeze1.1
Distribution: stable-security
Urgency: high
Maintainer: Debian lighttpd maintainers <pkg-lighttpd-maintainers@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
lighttpd - A fast webserver with minimal memory footprint
lighttpd-doc - Documentation for lighttpd
lighttpd-mod-cml - Cache meta language module for lighttpd
lighttpd-mod-magnet - Control the request handling module for lighttpd
lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 700399
Changes:
lighttpd (1.4.28-2+squeeze1.1) stable-security; urgency=high
.
* Non-maintainer upload by the security team.
* Backport upstream fixes for SSL attacks:
+ Disable client triggered renegotiation by default (CVE-2009-3555).
Can be re-enabled with ssl.disable-client-renegotiation = "disable".
+ Disable SSL compression at build time (CVE-2012-4929, 'CRIME').
(closes: #700399)
Checksums-Sha1:
889b4f79fb0dc138c03fcaf983e8a9f8af5394a1 2264 lighttpd_1.4.28-2+squeeze1.1.dsc
6b20e8d7b83655f0f28627b922b37028eb6ef2ab 30685 lighttpd_1.4.28-2+squeeze1.1.debian.tar.gz
d7c42189b60dff1a4b0e902e7fc5f9070ec44506 287844 lighttpd_1.4.28-2+squeeze1.1_amd64.deb
949344bbf28a0f35616b1494a95179c75df987bc 18810 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.1_amd64.deb
8125f8d908b6fec9e34f18ab500bb32769185fc3 20424 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.1_amd64.deb
2ae83514f205e4a5810d11da2a7d2e49bed8c192 23584 lighttpd-mod-cml_1.4.28-2+squeeze1.1_amd64.deb
58288edcc27e7f5d1fb585299142901dc3457409 24776 lighttpd-mod-magnet_1.4.28-2+squeeze1.1_amd64.deb
522d109122479f54e1ad78282408fe1c068f152b 30800 lighttpd-mod-webdav_1.4.28-2+squeeze1.1_amd64.deb
ba19288e3cfd9cdcc722f50a9e0d5e5d0e958f61 60720 lighttpd-doc_1.4.28-2+squeeze1.1_all.deb
Checksums-Sha256:
d081ee8a04ac3caf1113e5bf56dc4ff4d32d754793580d0e9f177c53eafd4278 2264 lighttpd_1.4.28-2+squeeze1.1.dsc
5cea176e40f9acb5fa74371cef5c94c798fd916f2410e9622af8f48eb39b8838 30685 lighttpd_1.4.28-2+squeeze1.1.debian.tar.gz
ddf7c322dd974104eac33567a24c912820edc587b0566231f5141fc335d5d1bf 287844 lighttpd_1.4.28-2+squeeze1.1_amd64.deb
45ae1d7589a6fa3d79a2aa348cfe0fc2598121420f7c56036398bf4eecdfe6c9 18810 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.1_amd64.deb
e8bbd39ce52e63d09169fd44bd3552aa562f547f9e437029abcf6bcaf63742a7 20424 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.1_amd64.deb
b4b7009fbbdd0929abe802b2c5a6faa7dcb7dbe4d3191f960e5dfdba51bc8136 23584 lighttpd-mod-cml_1.4.28-2+squeeze1.1_amd64.deb
5c9bdbc0015c50aa18a291c1100f0c691cfb0e2c9e8a29175ae94ba9fb932a91 24776 lighttpd-mod-magnet_1.4.28-2+squeeze1.1_amd64.deb
6cfb58a2acf1c3d7328ae218d5de115b65f29d41c2d30bfd1f296cbb406e45d2 30800 lighttpd-mod-webdav_1.4.28-2+squeeze1.1_amd64.deb
a0a76196dae0eda49765da6be416a1df72adb4d00d464e119cadc78f9a5752d0 60720 lighttpd-doc_1.4.28-2+squeeze1.1_all.deb
Files:
a4e30ed85b270eb3964c628b8e3982a3 2264 httpd optional lighttpd_1.4.28-2+squeeze1.1.dsc
a6ec51a245a2722bad541684297d437a 30685 httpd optional lighttpd_1.4.28-2+squeeze1.1.debian.tar.gz
23e64654ff76f9df2bc11468bde97b39 287844 httpd optional lighttpd_1.4.28-2+squeeze1.1_amd64.deb
b86a028e8cc0f80ff7130d8f8735d3e9 18810 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1.1_amd64.deb
61a3cc20faaeae6ed893bc15b71c0467 20424 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1.1_amd64.deb
4d39a47d48eb63c0d732a816dae39614 23584 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1.1_amd64.deb
10ddca1e10e43d87bccbada03ef2c551 24776 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1.1_amd64.deb
4f0225ac98d401eb749fdb44af7027cd 30800 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1.1_amd64.deb
0a2a5fe842a8fc5a8add445e605d37c0 60720 doc optional lighttpd-doc_1.4.28-2+squeeze1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJRHTH8AAoJEFb2GnlAHawEdb4IAKwkDdvjKGqySG6xIbifwenN
x28s1NI4l5PmDSgkQuebMvqQTzjTP+WtG6AGy97kBH5k8d4Hp3LiM1+/fVQlgJhR
XnNokisHDL8b7mRshNjCyBynGk/Gp0irtBBk+qqglXcV9SoX9IN4P9v5lvgJBcrr
rgVXJstN4iDO0c90k1qqPFOomrfICzNc6227PE1TPzTiNxjfaf/bTqR3304iH7gi
Qi/IRMMHO6MkP/m9BqUrp8dEr2YyHNZFWWBlatKZX260W559zteZhfc/zRWQkdHr
mRy/QQVVU5t4fbg4mRxCp5F8J59gLJOfji0i/oyc746VNgKtbKI519Iinwgi8wU=
=qvkW
-----END PGP SIGNATURE-----