Ubuntu
lighttpd package

  1. Bug #198731
  2. Comment #8

Comment 8 for bug 198731

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lighttpd - 1.4.13-9ubuntu4.4

---------------
lighttpd (1.4.13-9ubuntu4.4) feisty-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:53:26 +0100