Project

General

Profile

Release-1 4 16 » History » Revision 2

Revision 1 (moo, 2007-08-06 06:53) → Revision 2/3 (moo, 2007-08-06 06:53)

h1. = Release Info 

 = 
  * Version: 1.4.16 
 
  * Previous version: [[Release-1.4.15|1.4.15]] 
 [wiki:Release-1.4.15 1.4.15] 
  * Branch: 1.4 
 
  * Status: Stable 
 
  * Release Purpose: Security fixes 
 
  * Release manager: darix 
 
  * Released date: 2007-07-24 

 The reader might wonder now why we delayed the release that long. We actually tried to get CVE numbers for all the bugs, to avoid confusion later. But so far we did not succeed in receiving them. As the bugs got publically announced now, we are forced to release.  


 h1.  

 = Changes from 1.4.15 

 = 
  * header parsing bug (patch: "lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch":http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch) 
 [http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch lighttpd-1.4.x_duplicated_headers_with_folding_crash.patch]) 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt Lighttpd SA 2007:03":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_03.txt 
 2007:03] 
  * various mod_auth bugs (patch: "lighttpd-1.4.x_mod_auth_sec.patch":http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch) 
 [http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch lighttpd-1.4.x_mod_auth_sec.patch]) 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt Lighttpd SA 2007:04":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_04.txt 
 2007:04] 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt Lighttpd SA 2007:05":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_05.txt 
 2007:05] 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt Lighttpd SA 2007:06":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_06.txt 
 2007:06] 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt Lighttpd SA 2007:07":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_07.txt 
 2007:07] 
  * mod_access bug 
 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt Lighttpd SA 2007:08":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_08.txt 2007:08] (patch: "lighttpd-1.4.x_mod_access_bypass.patch":http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch) 
 [http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_auth_sec.patch lighttpd-1.4.x_mod_access_bypass.patch]) 
  * mod_fastcgi local DOS bug 
 
   * "Lighttpd [http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_09.txt Lighttpd SA 2007:09":http://www.lighttpd.net/assets/2007/7/24/lighttpd_sa2007_09.txt 2007:09] (patch: "lighttpd-1.4.x_mod_fastcgi_local_dos.patch":http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_fastcgi_local_dos.patch) 


 h1. [http://www.lighttpd.net/assets/2007/7/24/lighttpd-1.4.x_mod_fastcgi_local_dos.patch lighttpd-1.4.x_mod_fastcgi_local_dos.patch]) 

 = External references 

 = 
  * http://secunia.com/advisories/26130/ 
 
  * http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it 


 h1. 

 = Downloads 

 = 
  * http://www.lighttpd.net/download/lighttpd-1.4.16.tar.gz 
 
   * MD5: 04988067026e93ccb46e19fa8c17ae97 
 
   * SHA1: b160cece6c0dd15746d10957d28ba02b2e9e77ce 
 
  * http://www.lighttpd.net/download/lighttpd-1.4.16.tar.bz2 
 
   * MD5: ea671997591f772417b7e540d325f8cc 
 
   * SHA1: 8f137ff71f629fe24a745c758b72dce24a8669f2