-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 18 Dec 2011 20:37:18 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: kfreebsd-amd64 Version: 1.4.28-2+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: kfreebsd-amd64 Build Daemon (fasch) Changed-By: Arno Töll Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Changes: lighttpd (1.4.28-2+squeeze1) stable-security; urgency=high . * Backport security issues from 1.4.30: + Fix integer overflow (CVE-2011-4362) + Fix attack vector as disclosed by the SSL BEAST attack (related: CVE-2011-3389). Note: If you are upgrading from an older version you need to change your configuration to mitigate effects of the attack. See the corresponding NEWS file for details. Checksums-Sha1: c9902d9ff87a9d4d27759c2e3e800296ab62046e 285846 lighttpd_1.4.28-2+squeeze1_kfreebsd-amd64.deb 61ac2f6334c7cbc4638bc863e5bc8141710f127a 18350 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1_kfreebsd-amd64.deb efdf4647c8b900f73a215fbba7ef7fa9dc0f6004 19378 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1_kfreebsd-amd64.deb cf5f046912ac8764da628edd1edbc8f4cc141092 22356 lighttpd-mod-cml_1.4.28-2+squeeze1_kfreebsd-amd64.deb 66f862fd95ef85966e6d50212c6487318a618787 24354 lighttpd-mod-magnet_1.4.28-2+squeeze1_kfreebsd-amd64.deb caa78904490070fd7f268638ecec70ddeb8d1d66 30312 lighttpd-mod-webdav_1.4.28-2+squeeze1_kfreebsd-amd64.deb Checksums-Sha256: cd165870ec4ae6428f58617d0218291c1c6f0c9bd975ee715eabdddc401e1375 285846 lighttpd_1.4.28-2+squeeze1_kfreebsd-amd64.deb 557b0f3dc472f3d9e4c96a44025fd38dd3fa28e6514483142fc0a652023029e5 18350 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1_kfreebsd-amd64.deb 136c2091ce351c96030212c5f4cbf052d445bf4fa141d1b544848242d3a9fcb7 19378 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1_kfreebsd-amd64.deb 35d01d6254ec94931c15a69ea7e1b3f9381007a2ace436ecc43aaa175cefc35c 22356 lighttpd-mod-cml_1.4.28-2+squeeze1_kfreebsd-amd64.deb ee74fd7f7b9438202e4578b1c50abba91450237e47cb092abd1d20fc3b52b19f 24354 lighttpd-mod-magnet_1.4.28-2+squeeze1_kfreebsd-amd64.deb f5281afd1e7d7637960d9d2cdedc1fc04016a287f641c8d3f1a180c547bd5aa4 30312 lighttpd-mod-webdav_1.4.28-2+squeeze1_kfreebsd-amd64.deb Files: ed0d18ae9ffd48a983b34f83c04469e0 285846 httpd optional lighttpd_1.4.28-2+squeeze1_kfreebsd-amd64.deb 7ea778e0159f7dd9097bb36b187848c7 18350 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1_kfreebsd-amd64.deb 83bc6777591e4e64d7b7d25909058e77 19378 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1_kfreebsd-amd64.deb f450702ea83abe8ef9df3b6125412c62 22356 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1_kfreebsd-amd64.deb f6407c44b23ba305e8a0127a5949f1fb 24354 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1_kfreebsd-amd64.deb 0dcbad84f70f0409814fc678d0605bc2 30312 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1_kfreebsd-amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/kFreeBSD) iQIcBAEBAgAGBQJO8Xt8AAoJELV0nKsIaKwSkq0QAJmT4p5reGd8pvq0CVnEyz5V IrUsMzh3aCx0VyTs9tfn9apRKESdVuUiLVower89GFGSkW1bxoHyS6ks9Zrl5lbi T3OC9pRgTMVeLilMi/v84fnrq8m1snfrX6VBtGtY4QJmacCcDTqlTFNlBrXzAMUt za7emYmTlO7eS3hv/IVZcg5O4YhhkhiRDTWcDtHf/5+vt88hMQ0/bnbrBYaHgblZ 2dPCwfdLRl4kbiAOQPkzebDj+kJOrq609XxPvobWuCsqHHbZgrk9Ch0XymemqFBi yKsNy/A8YjJn6cNnhNLnywLRpUvQagKPfozyGOtqBCOA1z1OeEAHikG8FiXptYds /BbAESEqv4XaKPLdGq86Yec45NRhvZPraXSWx0wzrZjIOl5ihmD44qR3kgjnreFU JDS7q9MHJaRNJuvtoazfQ2wTtiXXZECAs2kY1ZWXuFnJBS0//1pH8L6HYdbmKtEM OuTmoYzO0t2i77JWC+GkNMoa9AiBkGRcVj0JvFpuRTB91CG+YSEYyiRW7gHZm+SR Z+bW+ZPVH54Y//d+Czu7HeVNlQKZxCE3Nz7jj0VZfdZBHoIFpt/kIXIc2ZfHd808 GqZty+c0ZlLHZtzMEJOVmFqpOBeilIlOH+PP7CC6jY9MiBoiNRMbYgi9BaS0O/zN ZJL9gpWtdep3/CRxzehg =1LLk -----END PGP SIGNATURE-----