The problem is that when this was reported, there was an updated for Dapper sitting in dapper-proposed:
https://launchpad.net/ubuntu/dapper/+source/lighttpd That update: https://launchpad.net/ubuntu/dapper/+source/lighttpd/1.4.11-3ubuntu3.1 has been sitting in dapper-proposed since last November and lacks the fix for this issue. So the existing -proposed package has the vulnerability. The upload you rejected was meant to replace it by fixing the vulnerability. As it stands right now, should 1.4.11-3ubuntu3.1 ever finish SRU testing and be released, it would re-introduce this vulnerability. The intent of the 1.4.11-3ubuntu3.2 upload was to ensure (in advance) that this would not happen. Sorry I wasn't clear before (hope I am now). -- DoS-vulnerability in lighttpd https://bugs.launchpad.net/bugs/107628 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
