The problem is that when this was reported, there was an update for Dapper sitting in dapper-proposed:
https://launchpad.net/ubuntu/dapper/+source/lighttpd
That update:
https://launchpad.net/ubuntu/dapper/+source/lighttpd/1.4.11-3ubuntu3.1
has been sitting in dapper-proposed since last November and lacks the fix for this issue. So the existing -proposed package has the vulnerability. The upload you rejected was meant to replace it by fixing the vulnerability.
As it stands right now, should 1.4.11-3ubuntu3.1 ever finish SRU testing and be released, it would re-introduce this vulnerability. The intent of the 1.4.11-3ubuntu3.2 upload was to ensure (in advance) that this would not happen.
Sorry I wasn't clear before (hope I am now).