Debian Security Advisory DSA 1205-2 (thttpd)

The remote host is missing an update to thttpd announced via advisory DSA 1205-2. Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. The original advisory for this issue didn't contain fixed packages for all supported architectures which are corrected in this update.

For the stable distribution (sarge) this problem has been fixed in version 2.23beta1-3sarge2 For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-5 We recommend that you upgrade your thttpd package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201205-2