[Bug 198731] Re: [CVE-2008-1111] Failure to Handle Exceptional Conditions

Launchpad Bug Tracker Fri, 07 Mar 2008 11:37:09 -0800

This bug was fixed in the package lighttpd - 1.4.13-9ubuntu4.4

---------------
lighttpd (1.4.13-9ubuntu4.4) feisty-security; urgency=low


  * SECURITY UPDATE:
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111

 -- Emanuele Gentili <[EMAIL PROTECTED]>   Wed, 05 Mar 2008
14:53:26 +0100

-- 
[CVE-2008-1111] Failure to Handle Exceptional Conditions 
https://bugs.launchpad.net/bugs/198731
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 198731] Re: [CVE-2008-1111] Failure to Handle Exceptional Conditions

Reply via email to