*** This bug is a security vulnerability *** Public security bug reported:
CVE-2014-2323 is not patched in 1.4.33-1+nmu2ubuntu2 supplied with Ubuntu 14.04. The patch is attached to this report and can also be found in Debian: http://anonscm.debian.org/cgit/pkg-lighttpd/lighttpd.git/tree/debian/patches/cve-2014-2323.patch?id=debian/1.4.31-4%2bdeb7u3 For more information about the vulnerability see: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt ** Affects: lighttpd (Ubuntu) Importance: Undecided Status: New ** Patch added: "cve-2014-2323.patch" https://bugs.launchpad.net/bugs/1475265/+attachment/4430050/+files/cve-2014-2323.patch ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475265 Title: CVE-2014-2323 not patched in 1.4.33-1+nmu2ubuntu2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1475265/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
