On Fri, 29 Feb 2008, Jasper Lievisse Adriaanse wrote:
hi, here's the vendors patch to fix CVE-2008-0983 http://secunia.com/cve_reference/CVE-2008-0983/ ok to commit?
If so old version is going to be shipped with release, then could the patch I sent to the Brad be included also? The patch was accepted upstream back then but it's not in .18. It fixes the issue with group permissions: lighttpd drops supplementary groups and therefore the version shipped with OpenBSD doesn't work for me out of the box. -- Antti Harri