FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd - multiple vulnerabilities

Affected packages
		lighttpd	<	1.4.41

Details

VuXML ID	ef0033ad-5823-11e6-80cc-001517f335e2
Discovery	2016-07-31
Entry	2016-08-03

Lighttpd Project reports:

Security fixes for Lighttpd:

security: encode quoting chars in HTML and XML

security: ensure gid != 0 if server.username is set, but not server.groupname

security: disable stat_cache if server.follow-symlink = “disable”

security: httpoxy defense: do not emit HTTP_PROXY to CGI env

[source]

References

FreeBSD PR	ports/211495
URL	http://www.lighttpd.net/2016/7/31/1.4.41/