Package: lighttpd
Version: 1.4.13-4etch4
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for lighttpd.

CVE-2008-1111[0]:
mod_cgi in lighttpd is going to send the source of a cgi script if forking the cgi handler fails for some reason. It should result in a 500 instead.

The default installation of Debian is not affected as it does not include the mod_cgi configuration but this should be fixed anyway.

You can find a patch for this on:
http://trac.lighttpd.net/trac/changeset/2107

Note the CVE id is not yet available on the mitre site but it will be soon hopefully.

If you fix this vulnerability please also include the CVE id in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1111

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
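
The failure mode described in the report, shown as an added example (not part of the original mail and not lighttpd's mod_cgi code): a CGI handler that fails open when fork() fails, next to one that fails closed with a 500. All names are hypothetical, and the assumption that an unanswered request falls through to a static-file handler is this example's model of the leak.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not lighttpd's mod_cgi. */
enum handler_result { GO_ON, FINISHED };  /* GO_ON: next handler (static files) runs */
struct request { const char *script_path; int http_status; /* 0 = unanswered */ };
typedef pid_t (*fork_fn)(void);  /* injectable so the failure path can be exercised */

/* Child execs the script; parent maps its exit status. Output relay is omitted. */
static enum handler_result run_child(struct request *r, pid_t pid) {
    if (pid == 0) {
        execl(r->script_path, r->script_path, (char *)NULL);
        _exit(127);  /* exec itself failed */
    }
    int st = 0; pid_t w;
    do { w = waitpid(pid, &st, 0); } while (w < 0 && errno == EINTR);
    r->http_status = (w == pid && WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 200 : 500;
    return FINISHED;
}

/* Fail-open: a failed fork leaves the request unanswered for the next handler. */
enum handler_result cgi_handle_fail_open(struct request *r, fork_fn do_fork) {
    pid_t pid = do_fork();
    if (pid < 0) return GO_ON;  /* assumed: static handler now sends the script source */
    return run_child(r, pid);
}

/* Fail-closed: a failed fork ends the request with a 500, as the report asks. */
enum handler_result cgi_handle_fail_closed(struct request *r, fork_fn do_fork) {
    pid_t pid = do_fork();
    if (pid < 0) {
        r->http_status = 500;
        return FINISHED;  /* no later handler ever sees the script path */
    }
    return run_child(r, pid);
}

/* Constructed stub: simulates fork() failing under resource exhaustion. */
pid_t fork_always_fails(void) { errno = EAGAIN; return -1; }

int main(void) {
    struct request a = { "/constructed/app.cgi", 0 }, b = { "/constructed/app.cgi", 0 };
    int ro = cgi_handle_fail_open(&a, fork_always_fails);
    int rc = cgi_handle_fail_closed(&b, fork_always_fails);
    printf("open: %d/%d closed: %d/%d\n", ro, a.http_status, rc, b.http_status);
    return 0;
}
```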