A fix for this is to change one line in 04_upstream_CVE-2007-5824_CVE-2007-5825.dpatch (the patch for webserver.c):

from:
+   if((auth) && (ws_decodepassword(auth,&username, &password))) {
to:
+   if((auth) && (0 == ws_decodepassword(auth,&username, &password))) {
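Review bot: the `to:` line makes the authentication branch depend on `ws_decodepassword` returning 0 for a successful decode, and nothing at the call site says so. The `from:` line took the branch on any nonzero return, so the convention is easy to get backwards. Suggest a short comment on this `if`, or in the function's header comment, stating what the return values mean, so the test is not inverted again in a later patch refresh.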

I've reported this bug and fix to the original author.
