Package: lighttpd
Version: 1.4.13-4etch1
Severity: critical
Tags: security
Justification: arbitrary code execution
Bug info:
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
Patch:
http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages lighttpd depends on:
ii libattr12.4.32-1 Extended attribute shared library
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap22.1.30-13.3 OpenLDAP libraries
ii libpcre36.7-1Perl 5 Compatible Regular Expressi
ii libssl0.9.8 0.9.8c-4 SSL shared libraries
ii lsb-base3.1-23.1 Linux Standard Base 3.1 init scrip
ii mime-support3.39-1 MIME files 'mime.types' 'mailcap
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lighttpd recommends:
ii php5-cgi5.2.3-0.dotdeb.0 server-side, HTML-embedded scripti
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]