Re: 1.3.26 coming soon?

To: debian-apache@lists.debian.org
Cc: Clint Byrum <cbyrum@spamaps.org>
Subject: Re: 1.3.26 coming soon?
From: Andrew Shugg <andrew@neep.com.au>
Date: Wed, 26 Jun 2002 00:46:54 +0800
Message-id: <[🔎] 20020626004651.A25914@neep.com.au>
Mail-followup-to: debian-apache@lists.debian.org, Clint Byrum <cbyrum@spamaps.org>
In-reply-to: <[🔎] 1024599805.605.12.camel@galahad>; from cbyrum@spamaps.org on Thu, Jun 20, 2002 at 12:03:24PM -0700
References: <[🔎] 1024599805.605.12.camel@galahad>

Clint Byrum said:
> I didn't see much discussion of this in the archives. 1.3.26 fixes a
> serious remote root hole that has been confirmed to work on OpenBSD, and
> according to several security people, Linux.
> 
> I understand that the fix was put into 'stable'... but there are a *TON*
> of Woody boxes out there. Shouldn't this go in to at least sid, if not
> woody? This is, I believe, a very urgent problem.

Clint,

You hopefully saw the email ("Security updates for woody") that Matthew
Wilcox sent to the list just a little while before this email from you,
which pretty much addressed this question.  If not, read on ...

Pre-release apache 1.3.26 packages were made available on June 20 and
you can pick them up with this (temporary!) addition to your apt
sources.list file:

  deb http://satie.debian.org/~willy ./

Then 'apt-get update ; apt-get -s upgrade' as usual to see what's going
to happen.  I've been running these 1.3.26 packages on ia32 for a while
now and they haven't exploded or anything yet.

However I'm not quite clear on the procedure for these packages entering
the woody distribution (the testing pool) during the freeze.  I'm aware
of the changes happening to allow the security team to make updates, and
as I understand the 1.3.26 packages have already been uploaded to the
unstable pool.  I don't see the 1.3.26 packages in the testing excuses
page, though:

  http://ftp-master.debian.org/testing/update_excuses.html

(I see apache-ssl 1.3.24 in there ...)  As I understand it this means
that the 1.3.26 packages aren't going to be entering woody by the normal
method, so I assume willy has uploaded (or will upload?) the woody
packages via the security Incoming area?

> I'm new to the underlying process of Debian development, so if I have
> circumvented channels by posting here, I appologize.

Well nobody shouted at you, so that's always a good start ...  =)

Andrew.

-- 
Andrew Shugg <andrew@neep.com.au>                   http://www.neep.com.au/

"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there?  Well I'd like to meet him.  I could do with a good laugh."


-- 
To UNSUBSCRIBE, email to debian-apache-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: 1.3.26 coming soon?
  - From: Kjetil Kjernsmo <kjetil@kjernsmo.net>

References:
- 1.3.26 coming soon?
  - From: Clint Byrum <cbyrum@spamaps.org>

Prev by Date: Bug#150853: /usr/sbin/ssl-certificate limited to 40 Chars email!
Next by Date: Re: Packaging mod_frontpage?
Previous by thread: 1.3.26 coming soon?
Next by thread: Re: 1.3.26 coming soon?
Index(es):
- Date
- Thread