Ubuntu
lighttpd package

  1. Bug #198731
  2. Comment #9

Comment 9 for bug 198731

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

lighttpd (1.4.11-3ubuntu3.7) dapper-security; urgency=low

  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <email address hidden> Wed, 05 Mar 2008 16:32:13 +0100