From d5d48254dc539dfb3f50d18fa3d72a1effd74267 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias
Date: Tue, 9 Feb 2010 11:30:06 -0300
Subject: Bump lighttpd to 1.4.26

Closes #1063.

lighttpd 1.4.26 fixes:

* Request parser handling for splitted header data
* FD leak in mod_cgi
* Segfault with broken configs in mod_rewrite/mod_redirect
* An OOM/DoS vulnerability (CVE-2010-0295)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
---
 CHANGES | 1 +
 1 file changed, 1 insertion(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 6037b24e9..9f9aa015c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -50,6 +50,7 @@
 	#1009: [SECURITY] Bump php to 5.2.12
 	#1015: [SECURITY] Bump bind to 9.5.1-P2
 	#1027: Busybox flash commands conflict with those from mtd-utils
+	#1063: [SECURITY] Update lighttpd to 1.4.26
 
 2009.11, Released December 1st, 2009:
 
-- 
cgit v1.2.3-55-g7522