Re: Wheezy and jessie updates of lighttpd

To: "Santiago R.R." <santiagorr@riseup.net>
Cc: Krzysztof Krzyżaniak <eloy@kofeina.net>, Olaf van der Spek <olafvdspek@gmail.com>, Arno Töll <arno@debian.org>, debian-lts@lists.debian.org, team@security.debian.org
Subject: Re: Wheezy and jessie updates of lighttpd
From: Sébastien Delafond <seb@debian.org>
Date: Tue, 2 Aug 2016 10:11:13 +0200
Message-id: <[🔎] 20160802081112.GA22456@hz1>
In-reply-to: <[🔎] 20160801161831.GE27702@riseup.net>
References: <alpine.DEB.2.02.1607282235400.16763@jupiter.server.alteholz.net> <1469778884.23597.3@chlor.kofeina.net> <[🔎] 20160801161831.GE27702@riseup.net>

On Aug/01, Santiago R.R. wrote:
> Please, find attached debdiffs to mitigate this in wheezy (that I plan
> to upload) and jessie. I have tested it with a python cgi taken from
> httpoxy's PoCs, and it seems to work well. However, I am not familiar
> with lighttpd, so any review is welcome.

Hi Santiago,

thanks for working on this. Could you please change your jessie debdiff
so it uses version 1.4.35-4+deb8u1 instead of 1.4.35-5 ? The rest looks
OK.

You'll also need to make sure you build with -sa, as lighttpd will be
new on security-master.

Cheers,

--Seb

Reply to:

Follow-Ups:
- Re: Wheezy and jessie updates of lighttpd
  - From: "Santiago R.R." <santiagorr@riseup.net>

References:
- Wheezy and jessie updates of lighttpd
  - From: "Santiago R.R." <santiagorr@riseup.net>

Prev by Date: Re: Coordinating uploads with identical tarballs
Next by Date: Re: Wheezy and jessie updates of lighttpd
Previous by thread: Wheezy and jessie updates of lighttpd
Next by thread: Re: Wheezy and jessie updates of lighttpd
Index(es):
- Date
- Thread