Apache 1.3.x security bug in woody? CAN-2003-0460 etc.

To: debian-apache@lists.debian.org
Subject: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
Date: Wed, 6 Aug 2003 15:44:35 -0500 (CDT)
Message-id: <[🔎] Pine.GSO.4.40.0308061520530.22287-100000@deneb.cc.umanitoba.ca>

Woody's apache 1.3.x seems to be still vulnerable to bug 167752 [1]. Is
this really the case? Fwiw, this *might* be one of the problems which was
fixed upstream with 1.3.28 [2]. Have the other potential security bugs
fixed in 1.3.28 been checked against apache in woody?

http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=167752 shows
that it was closed by an upload to unstable. I looked at
packages.qa.debian.org/apache and security.debian.org and I don't see that
this bug was addressed in stable.

[1] http://bugs.debian.org/~cjwatson/debbugs/bugreport.cgi?archive=no&bug=167752
This version of the bts is under development so it may be inaccurate, but
I mention it as it may be helpful.
[2] They say "CAN-2003-0460 (cve.mitre.org) (rotatelogs bug), VU#379828
(infinite loop potential), and file descriptor leakage" were addressed and
fixed.

     Drew Daniels

Reply to:

Follow-Ups:
- Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
  - From: Thom May <thom@debian.org>

Prev by Date: Re: a2enmod replacement status
Next by Date: Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
Previous by thread: Re: a2enmod replacement status
Next by thread: Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
Index(es):
- Date
- Thread