Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.

To: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
Cc: debian-apache@lists.debian.org
Subject: Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
From: Thom May <thom@debian.org>
Date: Thu, 7 Aug 2003 14:35:25 +0100
Message-id: <[🔎] 20030807133525.GA3142@mirror.positive-internet.com>
In-reply-to: <[🔎] Pine.GSO.4.40.0308061520530.22287-100000@deneb.cc.umanitoba.ca>
References: <[🔎] Pine.GSO.4.40.0308061520530.22287-100000@deneb.cc.umanitoba.ca>

* Drew Scott Daniels (umdanie8@cc.UManitoba.CA) wrote :
> Woody's apache 1.3.x seems to be still vulnerable to bug 167752 [1]. Is
> this really the case? Fwiw, this *might* be one of the problems which was
> fixed upstream with 1.3.28 [2]. Have the other potential security bugs
> fixed in 1.3.28 been checked against apache in woody?
> 
Woody's 1.3 is the reason that bug is there. Did you bother reading the bug
report? The problems were fixed in a stable security upload.
FWIW, these aren't the bugs that were fixed in 1.3.28; since they were
implemented in an extremely platform dependent way we're working on cleaning
them up in a cross platform friendly manner.
-Thom

Reply to:

Follow-Ups:
- Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
  - From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>

References:
- Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
  - From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>

Prev by Date: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
Next by Date: Bug#204508: apache: mod_rewrite can't rewrite to filenames containing a '?'
Previous by thread: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
Next by thread: Re: Apache 1.3.x security bug in woody? CAN-2003-0460 etc.
Index(es):
- Date
- Thread