Confirmed the bug using a minimal sid chroot where bozohttpd and dhelp were installed with default configurations. The fix is to insert a symlink with name doc inside /var/www pointing to /usr/share/doc. That is, issue (as root) the command:
ln -s /usr/share/doc /var/www/doc The bug went un-noticed because the default up-to recently configuration of apache included an "Alias /doc /usr/share/doc" directive. However this isn't anymore true due to CVE-2012-0216 (cf. for example apache2_2.2.16-6+squeeze7 changelog); so this bug will also show up with a recent apache installation. I will review the situation and prepare a fix asap. regards George Zarkadas
signature.asc
Description: This is a digitally signed message part