This bug was fixed in the package lighttpd - 1.4.18-1ubuntu1.2
--------------- lighttpd (1.4.18-1ubuntu1.2) gutsy-security; urgency=low
* SECURITY UPDATE: + debian/patches/91_CVE-2008-1111.dpatch: - Fixes CVE-2008-1111 "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information." (LP: #198731) * References + http://trac.lighttpd.net/trac/changeset/2107 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:28:27 +0100
This bug was fixed in the package lighttpd - 1.4.18-1ubuntu1.2
---------------
lighttpd (1.4.18-1ubuntu1.2) gutsy-security; urgency=low
* SECURITY UPDATE: patches/ 91_CVE- 2008-1111. dpatch: trac.lighttpd. net/trac/ changeset/ 2107 www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= 2008-1111
+ debian/
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
source code of CGI scripts instead of a 500 error, which might allow
remote attackers to obtain sensitive information." (LP: #198731)
* References
+ http://
+ http://
-- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 14:28:27 +0100