FFe: lighttpd 1.4.31-3ubuntu2
Bug #1159731 reported by
Lorenzo De Liso
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lighttpd (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
The new Ubuntu version is just an import of the last version in Debian (lighttpd 1.4.31-4). It fixes a security issue (see CVE 2013-1427).
Changelog entry since currently raring version 1.4.31-3ubuntu1:
lighttpd (1.4.31-3ubuntu2) raring; urgency=low
* Import change from debian version 1.4.31-4:
- CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
is world-writable which may cause security implications if an attacker
manages to control /tmp/php.socket before the web server (re-)starts.
-- Lorenzo De Liso <email address hidden> Mon, 25 Mar 2013 11:55:53 +0100
It builds and installs on raring, a build log is attached.
CVE References
To post a comment you must log in.
No FFe needed for bug fixes.