Debian Security Advisory 1362-2 - A problem was discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. This updated advisory correctly patches the security issue, which was not handled in DSA-1362-1.
8f2ce185c7b6d39f79b8a50243c553a71135c01a934c8220d4cd825f5884f2bf
Gentoo Linux Security Advisory GLSA 200709-16 - Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c when processing overly long HTTP headers. Versions less than 1.4.18 are affected.
3093088bb71ab210ca1f21d2bbb63f87f37f0b88f1048feeb1a9f595f50aa2a1