[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Recent minor vulnerabilities in Apache: status in woody?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kevin B. McCarty wrote:
| Hi all,
|
| Can anyone tell me the status of the woody Apache 1 packages with respect
| to the following security advisories:
|
| 	CAN-2003-0993  CAN-2003-0020  CAN-2003-0987  CAN-2004-0174
|
| (There is also CAN-2004-0113 but that only appears relevant to Apache 2?)

You should check the website www.d-o/security/nonvulns-woody

At least 4 of the 5 you mention are listed there...

| These are apparently all fixed in Apache 1.3.31, now available in
unstable.
|  But the woody Apache packages appear to date back to the end of 2002.
 Are
| there any plans to backport the fixes?

For the ones on nonvulns-woody there are no fixes necessary of course
(see the webpage for more details).

CAN-2003-0987 isn't listed in any DSA or nonvulns-woody (yet)

Cheers

Luk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAtigN5UTeB5t8Mo0RAjraAJ0ekwdLCcALKg9uSCUt4aQE6ALZJgCgy/pX
Nkx0UUr81aD++srQ1f+GUWw=
=kAao
-----END PGP SIGNATURE-----
Reply to: