-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 18 Dec 2011 20:37:18 +0100 Source: lighttpd Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet lighttpd-mod-webdav Architecture: i386 Version: 1.4.28-2+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: i386 Build Daemon Changed-By: Arno Töll Description: lighttpd - A fast webserver with minimal memory footprint lighttpd-doc - Documentation for lighttpd lighttpd-mod-cml - Cache meta language module for lighttpd lighttpd-mod-magnet - Control the request handling module for lighttpd lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd lighttpd-mod-webdav - WebDAV module for lighttpd Changes: lighttpd (1.4.28-2+squeeze1) stable-security; urgency=high . * Backport security issues from 1.4.30: + Fix integer overflow (CVE-2011-4362) + Fix attack vector as disclosed by the SSL BEAST attack (related: CVE-2011-3389). Note: If you are upgrading from an older version you need to change your configuration to mitigate effects of the attack. See the corresponding NEWS file for details. Checksums-Sha1: 8cb4153d6cbfe073a1147b4d6e9a3882394e85b8 276136 lighttpd_1.4.28-2+squeeze1_i386.deb 87a65913acf8b249c1fb30bde0d929c5b58d1a81 18024 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1_i386.deb 76731faec13a4d06818a0ed556361090c72d36da 19756 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1_i386.deb a74f8f17353dec7e747a0cfaffde2dd2a24a73be 22708 lighttpd-mod-cml_1.4.28-2+squeeze1_i386.deb 00762da53fb22553b2751cb3939b0c41c7aa866f 23654 lighttpd-mod-magnet_1.4.28-2+squeeze1_i386.deb 088f6b9eddfd72dd050100c19f403d3312144399 30512 lighttpd-mod-webdav_1.4.28-2+squeeze1_i386.deb Checksums-Sha256: ffc3135a3efcd0767e54f5eb77ec4f56ef755282d74ea10c0cc139cd7c2c844b 276136 lighttpd_1.4.28-2+squeeze1_i386.deb c4fcdb897adaae82d096ac798e91f2a729b6094bc17859b03e01a58b4c5e8266 18024 lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1_i386.deb 8cc1eafa41ffa4f9bb164406ccdb4d333c7dcc703db866ec92f06223440ae699 19756 lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1_i386.deb 4e62ed95e57563a8ebd0f60fc7c2152ac04849b5585f594d772a0480f35c9241 22708 lighttpd-mod-cml_1.4.28-2+squeeze1_i386.deb 3e27d3a26c0750d0edf57faaa1e0d73845f81496a6cf982955f644ccfb8b7f27 23654 lighttpd-mod-magnet_1.4.28-2+squeeze1_i386.deb 8770843b4d99c7e558b88238cc290e56103fd69f0dc8e7460e4e0d8adcb40dee 30512 lighttpd-mod-webdav_1.4.28-2+squeeze1_i386.deb Files: 19af6c208379e8f087b5bedf61c5dfee 276136 httpd optional lighttpd_1.4.28-2+squeeze1_i386.deb e0f821b306cf27a608e318698cb7d24e 18024 httpd optional lighttpd-mod-mysql-vhost_1.4.28-2+squeeze1_i386.deb 4ff4b59a3805910d111bb340641acd7b 19756 httpd optional lighttpd-mod-trigger-b4-dl_1.4.28-2+squeeze1_i386.deb 8e44c0319885c3df277ca0f5032306d6 22708 httpd optional lighttpd-mod-cml_1.4.28-2+squeeze1_i386.deb d6c43afbf8b5f1547f307fbba61a207a 23654 httpd optional lighttpd-mod-magnet_1.4.28-2+squeeze1_i386.deb a4154b924e126ea4d3154964727ec758 30512 httpd optional lighttpd-mod-webdav_1.4.28-2+squeeze1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIbBAEBCAAGBQJO8ROEAAoJECkckSfIPUEsSw0P9jBPL1qezEf4hq72pbz7LF1u AiAIJFBl/Y962yrG+yR0MHrxIqR1KqFh0Dy9q2mFsU26nRI00jvRvVgI171WkHyh e0PxEnroC6SatZ2PftdteiX/74WJvf9W5FTVlr2eyaBMB3UsD/6CRuOvBhCFrneA gCvB7+HhXQB5YfcM4NtLeq55H+AKXjzFQs0A3rGm+UUN3/ro6fqnESImuHXtQXY6 hZ0QjlNf2Zxl1SAlmM3m0h6iWkX+gFPgLbL3sJLUZmtQ+tqS+zxmA+xcFcjcdSkD wrNnPtdnht4rsYCjGDeGnnKj6pusjng203ZP8+kHbYa3y5zGT1ukquM84b+HdII1 DOwAEafEOqWLSZUm+5l9F8N6z5hpqUVR9aQEMo1brvQ22LdGceLVhLRWpE6XWyD6 pAup3+kFR7R3dKiYu+iO51hx0oTIrB/jAilz8d3/5fUWvxFrLonfqaSkeBlEBP5P iVAG0AXKmDRJ9laXq0giz6h+0rRVMioJA+p4ooxGhGmVKEZaihLq7rpDRp641IAu raK/zyhHq+LDpAqYpkuK7/IfsDfXj6KSWRfIz+xRkMs53mXaz4vDgHkwGZB9Q3vI qfH6hSgRcQLm2hID8AFYkWvVBW9mrElFiL7ih+AzNJdywEjax5CbZdCjajHMDAuL uA8itqRfmuIDDbCT9VM= =aSGZ -----END PGP SIGNATURE-----