[Secure-testing-team] [pkg-lighttpd] Bug#479276: [lighttpd] New configuration executes scripts outside of /cgi-bin/

Pierre Habouzit madcoder at debian.org
Sun May 4 08:58:04 UTC 2008


severity 479276 normal
tag 479276 - security
thanks

On Sun, May 04, 2008 at 02:56:35AM +0000, Marcus Fritzsch wrote:
> Package: lighttpd
> Version: 1.4.19-2
> Severity: important
> Tags: security
> X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
> 
> --- Please enter the report below this line. ---
> The new configuration included with lighttpd contains the following
> lines:

Files in conf-available are snippets meant to be adapted to your needs.
Those are not enabled by default hence it's *not* a security issue, as
administrators are supposed to read what they activate.

Though I'll quote that part in a future upload. But I see no urgency to
it yet.

-- 
·O·  Pierre Habouzit
··O                                                madcoder at debian.org
OOO                                                http://www.madism.org