From 78cea4defc1bf145dea44932a5921237a7fcf2c9 Mon Sep 17 00:00:00 2001 From: ghen Date: Fri, 27 Jul 2007 22:47:14 +0000 Subject: Pullup ticket 2151 - requested by joerg security update for lighttpd - pkgsrc/www/lighttpd/Makefile 1.15 - pkgsrc/www/lighttpd/distinfo 1.10 Module Name: pkgsrc Committed By: joerg Date: Wed Jul 25 10:26:05 UTC 2007 Modified Files: pkgsrc/www/lighttpd: Makefile distinfo Log Message: Update to lighttpd 1.4.16. This fixes a number of security issues: - various possible NULL pointer references - two cases were uninitialised memory is used or memory could be corrupted. This might be exploitable to execute arbitrary code. - possible mod_access by-pass by appending / - a local DOS by broken FastCGI handlers --- www/lighttpd/Makefile | 4 ++-- www/lighttpd/distinfo | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/www/lighttpd/Makefile b/www/lighttpd/Makefile index 8b4c62dd1ab..231d76b8f32 100644 --- a/www/lighttpd/Makefile +++ b/www/lighttpd/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.14 2007/04/19 16:16:17 joerg Exp $ +# $NetBSD: Makefile,v 1.14.2.1 2007/07/27 22:47:14 ghen Exp $ -DISTNAME= lighttpd-1.4.15 +DISTNAME= lighttpd-1.4.16 CATEGORIES= www MASTER_SITES= http://www.lighttpd.net/download/ diff --git a/www/lighttpd/distinfo b/www/lighttpd/distinfo index 56d0482734d..3795cd49e7e 100644 --- a/www/lighttpd/distinfo +++ b/www/lighttpd/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.9 2007/04/19 16:16:17 joerg Exp $ +$NetBSD: distinfo,v 1.9.2.1 2007/07/27 22:47:14 ghen Exp $ -SHA1 (lighttpd-1.4.15.tar.gz) = 67ba1279a0eaeda728c1e1143d302beb364a034c -RMD160 (lighttpd-1.4.15.tar.gz) = a38cb73797da1b8773b4c4a34f16be097667db57 -Size (lighttpd-1.4.15.tar.gz) = 794327 bytes +SHA1 (lighttpd-1.4.16.tar.gz) = b160cece6c0dd15746d10957d28ba02b2e9e77ce +RMD160 (lighttpd-1.4.16.tar.gz) = 71743363b9992ce726fffe40af0f75c66a2f6006 +Size (lighttpd-1.4.16.tar.gz) = 795818 bytes -- cgit v1.2.3