[pkg-lighttpd] Bug#469307: lighttpd: CVE-2008-1111 reveals cgi source if the cgi handler fork fails
nion at debian.org
Tue Mar 4 15:25:34 UTC 2008
Tags: security patch
the following CVE (Common Vulnerabilities & Exposures) id was
published for lighttpd.
mod_cgi in lighttpd is going to send the source of a cgi
script if forking the cgi handler fails for some reason. it
should result in a 500 instead.
The default installation of Debian is not affected as it
does not include the mod_cgi configuration but this should
be fixed anyway.
You can find a patch for this on:
Note the CVE id is not yet available on the mitre site but
it will be soon hopefully.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20080304/11583bb1/attachment.pgp
More information about the pkg-lighttpd-maintainers