X-Spam-Check-By: sourceware.org
Message-Id: <announce.43D4E4BA.2050604@lapo.it>
Date: Mon, 23 Jan 2006 15:14:18 +0100
From: Lapo Luchini <lapo AT lapo DOT it>
User-Agent: Thunderbird 1.5 (X11/20060112)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] Updated: lighttpd-1.4.9-1 (security fix)
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Reply-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version 1.4.9-1 of lighttpd has been uploaded.

lighttpd is a fast, secure and flexible webserver.

In lighttpd 1.4.8 and below is a CRITICAL bug which
allows unauthenticated users to read all files from
the documentation root.
Refer to http://lighttpd.net/news/ for a work-around
or, even better, update to this version, which also
solves the DLL ImageBase problems.

If you're not sure what version do you have you can
use the following command to both check version number
and integrity of the install:
% cygcheck -c lighttpd

lighttpd-1.4.9-1.tar.bz2
Len: 254791
MD5: 91e34739ad6575a59a0d122aea6c3eee
SHA1: 59e5c10b3c1135df5f691ea075ba77545f85cb3d

lighttpd-1.4.9-1-src.tar.bz2
Len: 799120
MD5: f5121eb42be3bb671c3560d302a69c16
SHA1: c615be08932ed2963a0e838d042246dceec360ab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iEYEARECAAYFAkPU5JsACgkQaJiCLMjyUvuyoQCfUMAqsgtLs7ZXPSHhI47v/Zuu
LisAoKuGjv/KbDFTuDZ+VDhzgtykF9oD
=7i6c
-----END PGP SIGNATURE-----




If you have questions or comments, please send them to the Cygwin
mailing list at: cygwin AT cygwin DOT com .

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/