Red Hat Bugzilla – Bug 236489
CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
Last modified: 2007-11-30 17:12:02 EST
All distros currently at 1.4.13.
Since 1.4.15 doesn't seem to break any configuration syntax (I've tested an
update on a few servers, some with complex setups), I've decided to update all
currently supported branches to 1.4.15, which contains these fixes.
Note that the CVE-2007-1869 bug was already fixed in the devel and EL-5
branches, but they hadn't yet been rebuilt.
Branches FC-5, FC-6 and devel (to become F7) have been updated.
No EL packages yet, since lua is still missing from EPEL.