[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#271945: apache in woody is missing security patches/updates

Package: apache
Version: 1.3.26-0woody5
Tags: woody, security

In 1.3.28 there is a patch that prevents file descriptors leaking to
child processes, this is not present. This causes processes spawned
by php (in this case 4.1.2-6woody3, not tested 4.1.2-7.0.1 yet) to have
full access to the apache logs, sockets etc.

I suggest this patch could be backported.

Reply to: