Public bug reported:
The new Ubuntu version is just an import of the last version in Debian
(lighttpd 1.4.31-4). It fixes a security issue (see CVE 2013-1427).
Changelog entry since currently raring version 1.4.31-3ubuntu1:
lighttpd (1.4.31-3ubuntu2) raring; urgency=low
* Import change from debian version 1.4.31-4:
- CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp
is world-writable which may cause security implications if an attacker
manages to control /tmp/php.socket before the web server (re-)starts.
-- Lorenzo De Liso <[email protected]> Mon, 25 Mar 2013 11:55:53 +0100
It builds and installs on raring, a build log is attached.
** Affects: lighttpd (Ubuntu)
Importance: Wishlist
Status: New
** Patch added: "lighttpd_1.4.31-3ubuntu2.debdiff"
https://bugs.launchpad.net/bugs/1159731/+attachment/3595771/+files/lighttpd_1.4.31-3ubuntu2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1159731
Title:
FFe: lighttpd 1.4.31-3ubuntu2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/1159731/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
