-
Committer:
Bazaar Package Importer
-
Author(s):
Emanuele Gentili
-
Date:
2008-03-05 14:53:26 UTC
-
Revision ID:
james.westby@ubuntu.com-20080305145326-i0xdwyi211zfa0en
Tags: 1.4.13-9ubuntu4.4
* SECURITY UPDATE:
+ debian/patches/91_CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://trac.lighttpd.net/trac/changeset/2107
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111