FFe: lighttpd 1.4.31-3ubuntu2

Bug #1159731 reported by Lorenzo De Liso
Affects            Status        Importance  Assigned to  Milestone
lighttpd (Ubuntu)  Fix Released  Wishlist    Unassigned

Bug Description

The new Ubuntu version is just an import of the last version in Debian (lighttpd 1.4.31-4). It fixes a security issue (see CVE-2013-1427).

Changelog entry since the current raring version 1.4.31-3ubuntu1:

lighttpd (1.4.31-3ubuntu2) raring; urgency=low

  * Import change from debian version 1.4.31-4:
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
      is world-writable which may cause security implications if an attacker
      manages to control /tmp/php.socket before the web server (re-)starts.

 -- Lorenzo De Liso <email address hidden> Mon, 25 Mar 2013 11:55:53 +0100

It builds and installs on raring, a build log is attached.
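
Added example (not part of the bug report or of the Debian/Ubuntu packaging): a check for the pattern the changelog describes, a FastCGI socket configured under a world-writable directory. The sample configuration, the /var/run/lighttpd/app.socket path, and the function names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches lighttpd fastcgi.server entries such as:  "socket" => "/tmp/php.socket"
SOCKET_RE = re.compile(r'"socket"\s*=>\s*"([^"]+)"')

# Constructed sample configuration; the second socket path is hypothetical.
SAMPLE_CONF = '''
fastcgi.server += ( ".php" => ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket" => "/tmp/php.socket",
)))
fastcgi.server += ( ".py" => ((
    "socket" => "/var/run/lighttpd/app.socket",   # hypothetical path
)))
'''

def socket_paths(conf_text):
    """Return the socket paths set in a lighttpd config, ignoring '#' comments."""
    paths = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]
        paths.extend(SOCKET_RE.findall(line))
    return paths

def risky_sockets(conf_text, root=""):
    """Sockets whose parent directory is world-writable; root prefixes each path."""
    findings = []
    for path in socket_paths(conf_text):
        parent = root + os.path.dirname(path)
        if os.path.isdir(parent) and os.stat(parent).st_mode & stat.S_IWOTH:
            findings.append(path)
    return findings

def demo():
    """Build a constructed directory tree and run the check against SAMPLE_CONF."""
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("tmp", 0o1777), ("var/run/lighttpd", 0o755)):
            os.makedirs(os.path.join(root, rel))
            os.chmod(os.path.join(root, rel), mode)
        return risky_sockets(SAMPLE_CONF, root)

if __name__ == "__main__":
    print(demo())
```

The sticky bit on /tmp does not change the result: it restricts deleting other users' files, not creating the socket name first.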

Scott Kitterman (kitterman) wrote :

No FFe needed for bug fixes.

Lorenzo De Liso (blackz) wrote :

Right. Sorry, this was originally filed for a feature but then I didn't modify it anymore and subscribed ubuntu-release. By the way, marking "Fix Released"; thanks

Changed in lighttpd (Ubuntu):
status: New → Fix Released