* debian/patches/90-CVE-2008-1111.dpatch:
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
code of CGI scripts instead of a 500 error, which might allow remote attackers
to obtain sensitive information."
Upstream Patch: http://trac.lighttpd.net/trac/changeset/2107
-- Stephan Hermann <email address hidden> Wed, 05 Mar 2008 14:04:43 +0100
lighttpd (1.4.18-1ubuntu5) hardy; urgency=low
* debian/ patches/ 90-CVE- 2008-1111. dpatch: trac.lighttpd. net/trac/ changeset/ 2107
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
code of CGI scripts instead of a 500 error, which might allow remote attackers
to obtain sensitive information."
Upstream Patch: http://
-- Stephan Hermann <email address hidden> Wed, 05 Mar 2008 14:04:43 +0100