FFe: lighttpd 1.4.31-3ubuntu2

Bug #1159731 reported by Lorenzo De Liso on 2013-03-25
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)

Bug Description

The new Ubuntu version is just an import of the last version in Debian (lighttpd 1.4.31-4). It fixes a security issue (see CVE 2013-1427).

Changelog entry since currently raring version 1.4.31-3ubuntu1:

lighttpd (1.4.31-3ubuntu2) raring; urgency=low

  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

 -- Lorenzo De Liso <email address hidden> Mon, 25 Mar 2013 11:55:53 +0100

It builds and installs on raring, a build log is attached.

CVE References

Lorenzo De Liso (blackz) wrote :
Lorenzo De Liso (blackz) wrote :
Scott Kitterman (kitterman) wrote :

No FFe needed for bug fixes.

Lorenzo De Liso (blackz) wrote :

Right. Sorry, this was originally filed for a feature but then I didn't modify it anymore and subscribed ubuntu-release. By the way, marking "Fix Released"; thanks

Changed in lighttpd (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers