lighttpd 1.4.63-1ubuntu3.1 source package in Ubuntu
Changelog
lighttpd (1.4.63-1ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds Write
- debian/patches/CVE-2022-22707.patch: mod_extforward_Forwarded function
of the mod_extforward plugin has a stack-based buffer overflow.
(LP: #1994989)
- CVE-2022-22707
* SECURITY UPDATE: Resource leak
- debian/patches/CVE-2022-41556.patch: Resource leak in gw_backend.c.
- CVE-2022-41556
-- Jack Fewx <email address hidden> Mon, 13 Feb 2023 21:33:26 -0600
Upload details
- Uploaded by:
- Jack Fewx
- Sponsored by:
- Paulo Flabiano Smorigo
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | universe | web | |
| Jammy | security | universe | web |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| lighttpd_1.4.63.orig.tar.xz | 999.6 KiB | 2aef7f0102ebf54a1241a1c3ea8976892f8684bfb21697c9fffb8de0e2d6eab9 |
| lighttpd_1.4.63.orig.tar.xz.asc | 833 bytes | 0c67b5045d5c152c589d76d4b29a4ac10719071d5159f9620f1de0ba38c94453 |
| lighttpd_1.4.63-1ubuntu3.1.debian.tar.xz | 51.8 KiB | 36ccb881bbac464242faaba4439e2ea6fe3b924d2c1579ef51803aecd9fdd176 |
| lighttpd_1.4.63-1ubuntu3.1.dsc | 4.2 KiB | 09f2f05b0dc7123da9a85f7ecdfcb93c9deda1f18ccc658b159b7c324c7d73ed |
Available diffs
Binary packages built by this source
- lighttpd: fast webserver with minimal memory footprint
lighttpd is a small webserver and fast webserver developed with
security in mind and a lot of features.
It has support for
* CGI, FastCGI and SSI
* virtual hosts
* URL rewriting
* authentication (plain files, htpasswd, LDAP)
* transparent content compression
* conditional configuration
* HTTP proxying
and configuration is straight-forward and easy.
- lighttpd-dbgsym: debug symbols for lighttpd
- lighttpd-doc: documentation for lighttpd
lighttpd is a small webserver and fast webserver developed with
security in mind and a lot of features.
.
This package contains documentation for lighttpd.
- lighttpd-mod-authn-gssapi: GSSAPI authentication module for lighttpd
This package contains the authn_gssapi module for lighttpd. With
this module, it is possible to perform GSSAPI authentication.
- lighttpd-mod-authn-gssapi-dbgsym: debug symbols for lighttpd-mod-authn-gssapi
- lighttpd-mod-authn-pam: PAM authentication module for lighttpd
This package contains the authn_pam module for lighttpd. With this module, it
is possible to perform authentication using PAM.
- lighttpd-mod-authn-pam-dbgsym: debug symbols for lighttpd-mod-authn-pam
- lighttpd-mod-authn-sasl: SASL authentication module for lighttpd
This package contains the authn_sasl module for lighttpd. With this module, it
is possible to perform authentication using SASL.
- lighttpd-mod-authn-sasl-dbgsym: debug symbols for lighttpd-mod-authn-sasl
- lighttpd-mod-deflate: HTTP response compression module for lighttpd
This package contains the deflate module for lighttpd. With this module, it is
possible compress HTTP responses using zlib, brotli, or bzip2 if supported by
the client.
- lighttpd-mod-deflate-dbgsym: debug symbols for lighttpd-mod-deflate
- lighttpd-mod-geoip: GeoIP info module for lighttpd
This package contains the geoip module for lighttpd. With
this module, it is possible to distinguish users based on the location
using a GeoIP database.
.
This module is deprecated and will be removed in Debian 12 Bookworm.
Legacy GeoIP databases will not be available from upstream after May 2022.
Instead, use mod_maxminddb, which uses GeoIP2 databases.
- lighttpd-mod-geoip-dbgsym: debug symbols for lighttpd-mod-geoip
- lighttpd-mod-maxminddb: GeoIP2 info module for lighttpd
This package contains the maxminddb module for lighttpd. With
this module, it is possible to distinguish users based on the location
using a GeoIP2 database.
- lighttpd-mod-maxminddb-dbgsym: debug symbols for lighttpd-mod-maxminddb
- lighttpd-mod-mbedtls: TLS support using mbedTLS module for lighttpd
This package contains the mbedtls module for lighttpd. With this module,
it is possible serve https:// URLs. Aimed at embedded systems, mbedTLS
uses less memory than OpenSSL, though is slightly slower than OpenSSL.
- lighttpd-mod-mbedtls-dbgsym: debug symbols for lighttpd-mod-mbedtls
- lighttpd-mod-nss: TLS support using NSS crypto module for lighttpd
This package contains the nss module for lighttpd. With this module,
it is possible serve https:// URLs. NSS is an alternative to OpenSSL.
- lighttpd-mod-nss-dbgsym: debug symbols for lighttpd-mod-nss
- lighttpd-mod-openssl: TLS support using OpenSSL module for lighttpd
This package contains the openssl module for lighttpd. With this module, it is
possible serve https:// URLs.
- lighttpd-mod-openssl-dbgsym: debug symbols for lighttpd-mod-openssl
- lighttpd-mod-trigger-b4-dl: anti-deep-linking module for lighttpd
The trigger-b4-dl module for lighttpd can prevent deep linking
from other sites by requiring users to visit a trigger URL to
be able to download certain files.
- lighttpd-mod-trigger-b4-dl-dbgsym: debug symbols for lighttpd-mod-trigger-b4-dl
- lighttpd-mod-vhostdb-pgsql: PostgreSQL-based virtual host configuration module for lighttpd
This package contains the vhostdb_pgsql module for lighttpd. With this module,
it is possible to write the configuration for virtual hosts into a PostgreSQL
table instead of including it in the lighttpd configuration file.
- lighttpd-mod-vhostdb-pgsql-dbgsym: debug symbols for lighttpd-mod-vhostdb-pgsql
- lighttpd-mod-webdav: WebDAV module for lighttpd
The WebDAV module is an implementation of RFC 4918.
.
Currently supports:
GET
POST
HEAD
PROPFIND
PROPPATCH
OPTIONS
MKCOL
COPY
MOVE
DELETE
PUT
LOCK
UNLOCK
- lighttpd-mod-webdav-dbgsym: debug symbols for lighttpd-mod-webdav
- lighttpd-mod-wolfssl: TLS support using wolfSSL module for lighttpd
This package contains the wolfssl module for lighttpd. With this module,
it is possible serve https:// URLs. Aimed at embedded systems, wolfSSL
uses less memory than OpenSSL, though is slightly slower than OpenSSL.
- lighttpd-mod-wolfssl-dbgsym: debug symbols for lighttpd-mod-wolfssl
- lighttpd-modules-dbi: DBI-based modules for lighttpd
This package contains the following modules:
* mod_authn_dbi: DBI-based authentication
mod_authn_dbi performs authentication against a database server
via DBI interface.
* mod_vhostdb_dbi: DBI-based virtual host configuration
mod_vhostdb_dbi enables writing the configuration for virtual hosts
into a database table instead of including it in the lighttpd
configuration file.
.
Do not depend on this package. Depend on the provided lighttpd-mod-*
packages instead.
- lighttpd-modules-dbi-dbgsym: debug symbols for lighttpd-modules-dbi
- lighttpd-modules-ldap: LDAP-based modules for lighttpd
This package contains the following modules:
* mod_authn_ldap: With this module, it is possible to perform
authentication against an LDAP server.
* mod_vhostdb_ldap: Database backend module for using LDAP as
a source for virtual host configuration using mod_vhostdb.
.
Do not depend on this package. Depend on the provided lighttpd-mod-*
packages instead.
- lighttpd-modules-ldap-dbgsym: debug symbols for lighttpd-modules-ldap
- lighttpd-modules-lua: LUA-based modules for lighttpd
This package contains the following modules:
* mod_magnet: control the request handling module for lighttpd
mod_magnet can attract a request in several stages in the request-handling.
either at the same level as mod_rewrite, before any parsing of the URL is
done or at a later stage, when the doc-root is known and the physical-path
is already setup.
* mod_cml: cache meta language module for lighttpd
With the cache meta language, it is possible to describe to the
dependencies of a cached file to its source files/scripts. For the
cache files, the scripting language Lua is used.
THIS MODULE IS OBSOLETED, USE mod_magnet INSTEAD.
.
Do not depend on this package. Depend on the provided lighttpd-mod-*
packages instead.
- lighttpd-modules-lua-dbgsym: debug symbols for lighttpd-modules-lua
- lighttpd-modules-mysql: MySQL-based modules for lighttpd
This package contains the following modules:
* mod_authn_mysql: With this module, it is possible to perform
authentication using a MySQL table.
This module is deprecated and will be removed in Debian 12 Bookworm.
Use mod_authn_dbi instead.
* mod_mysql_vhost: With this module, it is possible to write the
configuration for virtual hosts into a MySQL table instead of
including it in the lighttpd configuration file.
This module is deprecated and will be removed in Debian 12 Bookworm.
Use mod_vhostdb_dbi or mod_vhostdb_mysql instead.
* mod_vhostdb_mysql: Database backend module for using MySQL as
a source for virtual host configuration using mod_vhostdb.
.
Do not depend on this package. Depend on the provided lighttpd-mod-*
packages instead.
- lighttpd-modules-mysql-dbgsym: debug symbols for lighttpd-modules-mysql
