[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-05-24 Thread Andreas Hasenack
Hi @gstrauss sorry about your frustration with the time_t transition. It was very hard on Ubuntu due to the noble release, and even though Debian has more time, I'm sure it's difficult for them as well. lighttpd in Ubuntu is in the universe repository, meaning it's maintained by the community at

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-14 Thread gstrauss
It would also be nice if lighttpd 1.4.76 were made available in updates for The Focal Fossa and The Bionic Beaver, and even earlier Ubuntu releases if there are any still supported. (lighttpd 1.4.76 is able to run with older openssl and pcre libraries.) -- You received this bug notification beca

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-14 Thread gstrauss
I should note that CVE-2022-22707 is fixed in lighttpd 1.4.64, and The Jammy Jellyfish is running lighttpd 1.4.63. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058045 Title: please upgrade: lightt

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-14 Thread gstrauss
** Patch added: "0005-Revert-multiple-remove-long-deprecated-modules.patch" https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/2058045/+attachment/5765028/+files/0005-Revert-multiple-remove-long-deprecated-modules.patch ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-227

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-13 Thread gstrauss
Requesting sponsorship and guidance from ubuntu-security-sponsors. Debian development is stalled and hideously broken on time64 transition for some 32-bit platforms, which has halted just about everything else in Debian unstable for all platforms, including 64-bit platforms. debian/1.4.76-1 is tag

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-13 Thread gstrauss
** Patch added: "0004-Revert-multiple-remove-deprecated-modules.patch" https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/2058045/+attachment/5765002/+files/0004-Revert-multiple-remove-deprecated-modules.patch

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-13 Thread gstrauss
** Patch added: "0003-Revert-TLS-upgrade-default-cipher-list-to-stronger-s.patch" https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/2058045/+attachment/5765001/+files/0003-Revert-TLS-upgrade-default-cipher-list-to-stronger-s.patch

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-13 Thread gstrauss
I am a lighttpd developer and have prepared patches for Ubuntu updates/backports. lighttpd 1.4.76 is the current stable lighttpd release and is the best available version of lighttpd. Added in lighttpd 1.4.76: * Detect VU#421644 HTTP/2 CONTINUATION Flood * Avoid CVE-2024-3094 xz supply chain

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-13 Thread gstrauss
** Patch added: "0002-Revert-TLS-simplify-TLS-config-remove-deprecated-opt.patch" https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/2058045/+attachment/5765000/+files/0002-Revert-TLS-simplify-TLS-config-remove-deprecated-opt.patch

[Bug 2058045] Re: please upgrade: lighttpd 1.4.76

2024-04-13 Thread gstrauss
https://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_76 https://salsa.debian.org/debian/lighttpd/ has a tag for debian/1.4.76-1 lighttpd (1.4.76-1) unstable; urgency=medium * New upstream version 1.4.76 * Detect VU#421644 HTTP/2 CONTINUATION Flood * Avoid CVE-2024-3094 xz supply