CVE-2009-4490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4490): mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Still vulnerable. Should we mask it?
Well, this is the same issue as several other in-tree daemons have. e.g. varnish disputed the issue. It's not safe to cat a random file in a term, though one could be of the opinion the daemon should sanitize the logs.
dropped
GLSA request filed.
This issue was resolved and addressed in GLSA 201206-27 at http://security.gentoo.org/glsa/glsa-201206-27.xml by GLSA coordinator Sean Amoss (ackle).