The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. (CVSS:1.9) (Last Update:2013-03-22)

Read More

Backports integrated into the main archive

Hash: SHA256

      Dear users of the backports service!

 The Backports Team is pleased to announce the next important step
on getting backports more integrated.  People who are reading
debian-infrastructure-announce[1] will have seen that there was an
archive maintenance last weekend: starting with wheezy-backports the
packages will be accessible from the regular pool instead of a separate

== For Users ==

 What exactly does that mean for you?  For users of wheezy, the
sources.list entry will be different, a simple substitute of squeeze
for wheezy won't work.  The new format is:

 deb wheezy-backports main

 So it is debian instead of debian-backports, and offered through the
regular mirror network.  Feel invited to check your regular mirror if
it carries backports and pull from there.

== For Contributers ==

 Please read the mail to debian-devel-announce[5] instead. :)

 Just one thing mentioned here:  technically wheezy-backports a

Read More