Comment 1 for bug 198731

lighttpd (1.4.18-1ubuntu5) hardy; urgency=low

  * debian/patches/90-CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
      code of CGI scripts instead of a 500 error, which might allow remote attackers
      to obtain sensitive information."
      Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107

 -- Stephan Hermann <email address hidden> Wed, 05 Mar 2008 14:04:43 +0100