Bug#1023688: improper permissions on fcgiwrap systemd socket lead to privilege escalation to www-data under default config

2022-11-08 Anton Luka Šijanec

configurations that rely on /run/fcgiwrap.socket being world connectable. Is this intended behaviour? Doesn't it break users' expectations, as suddenly everyone can influence httpd (nginx slaves also run under www-data, for example)?

- BEGIN PATCH -
Author: Anton Luka Šijanec
Description

Bug#989095: debdiff patch for CVE-2021-23017

2021-05-26 Anton Luka Šijanec

Hello!

> If you fix the vulnerability please also make sure to include the CVE (Common
> Vulnerabilities & Exposures) id in your changelog entry.

I made a debdiff for myself according to upstream instructions from the patch [0]. It is attached to this e-mail. Link to the upstream patch was