Subject: CVS commit: [pkgsrc-2007Q2] pkgsrc/www/lighttpd
From: Geert Hendrickx
Date: 2007-07-28 00:47:15
Message id: 20070727224715.2562821507@cvs.netbsd.org

Log Message:
Pullup ticket 2151 - requested by joerg
security update for lighttpd

- pkgsrc/www/lighttpd/Makefile				1.15
- pkgsrc/www/lighttpd/distinfo				1.10

   Module Name:	pkgsrc
   Committed By:	joerg
   Date:		Wed Jul 25 10:26:05 UTC 2007

   Modified Files:
	   pkgsrc/www/lighttpd: Makefile distinfo

   Log Message:
   Update to lighttpd 1.4.16. This fixes a number of security issues:
   - various possible NULL pointer references
   - two cases were uninitialised memory is used or memory could be
   corrupted. This might be exploitable to execute arbitrary code.
   - possible mod_access by-pass by appending /
   - a local DOS by broken FastCGI handlers

Files:
RevisionActionfile
1.14.2.1modifypkgsrc/www/lighttpd/Makefile
1.9.2.1modifypkgsrc/www/lighttpd/distinfo