[Bug 198731] Re: [CVE-2008-1111] Failure to Handle Exceptional Conditions

Jamie Strandboge Tue, 11 Mar 2008 09:26:44 -0700

lighttpd (1.4.11-3ubuntu3.7) dapper-security; urgency=low

  * SECURITY UPDATE: 
   + debian/patches/91_CVE-2008-1111.dpatch:
    - Fixes CVE-2008-1111
      "mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the
      source code of CGI scripts instead of a 500 error, which might allow
      remote attackers to obtain sensitive information." (LP: #198731)
  * References
   + http://trac.lighttpd.net/trac/changeset/2107
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1111


 -- Emanuele Gentili <[EMAIL PROTECTED]>  Wed, 05 Mar 2008
16:32:13 +0100


** Changed in: lighttpd (Ubuntu Dapper)
       Status: Fix Committed => Fix Released

-- 
[CVE-2008-1111] Failure to Handle Exceptional Conditions 
https://bugs.launchpad.net/bugs/198731
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 198731] Re: [CVE-2008-1111] Failure to Handle Exceptional Conditions

Reply via email to