PublicDate: 2008-03-27 23:44:00 UTC
Candidate: CVE-2008-1531
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531
Description:
 The connection_state_machine function (connections.c) in lighttpd 1.4.19
 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a
 denial of service (active SSL connection loss) by triggering an SSL error,
 such as disconnecting before a download has finished, which causes all
 active SSL connections to be lost.
Ubuntu-Description:
Notes:
Bugs:
 https://launchpad.net/bugs/209627
 https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_lighttpd:
 debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490
upstream_lighttpd: released (1.4.19)
dapper_lighttpd: ignored (reached end-of-life)
edgy_lighttpd: released (1.4.13~r1370-1ubuntu1.7)
feisty_lighttpd: released (1.4.13-9ubuntu4.6)
gutsy_lighttpd: released (1.4.18-1ubuntu1.4)
hardy_lighttpd: released (1.4.19-0ubuntu3)
intrepid_lighttpd: released (1.4.19-0ubuntu3)
jaunty_lighttpd: released (1.4.19-0ubuntu3)
karmic_lighttpd: released (1.4.19-0ubuntu3)
devel_lighttpd: released (1.4.19-0ubuntu3)