Confirmed the bug using a minimal sid chroot where bozohttpd and dhelp were installed with default configurations. The fix is to insert a symlink with name doc inside /var/www pointing to /usr/share/doc. That is, issue (as root) the command:
ln -s /usr/share/doc /var/www/doc
The bug went un-noticed because the default up-to recently configuration of
apache included an "Alias /doc /usr/share/doc" directive. However this isn't
anymore true due to CVE-2012-0216 (cf. for example apache2_2.2.16-6+squeeze7
changelog); so this bug will also show up with a recent apache installation.
I will review the situation and prepare a fix asap.
regards
George Zarkadas
signature.asc
Description: This is a digitally signed message part
