Bug#271945: apache in woody is missing security patches/updates

To: submit@bugs.debian.org
Subject: Bug#271945: apache in woody is missing security patches/updates
From: Mark Bryars <mark.bryars@etvinteractive.com>
Date: Thu, 16 Sep 2004 13:10:17 +0100
Message-id: <[🔎] 414982A9.30007@etvinteractive.com>
Reply-to: Mark Bryars <mark.bryars@etvinteractive.com>, 271945@bugs.debian.org


Package: apache
Version: 1.3.26-0woody5
Tags: woody, security

In 1.3.28 there is a patch that prevents file descriptors leaking to
child processes, this is not present. This causes processes spawned
by php (in this case 4.1.2-6woody3, not tested 4.1.2-7.0.1 yet) to have
full access to the apache logs, sockets etc.

I suggest this patch could be backported.

Reply to:

Follow-Ups:
- Bug#271945: apache in woody is missing security patches/updates
  - From: Matt Zimmerman <mdz@debian.org>
- Bug#271945: marked as done (apache in woody is missing security patches/updates)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#271933: marked as done (CAN-2004-0786: apr_uri_parse() buffer overflow)
Next by Date: Bug#271945: apache in woody is missing security patches/updates
Previous by thread: Bug#271933: marked as done (CAN-2004-0786: apr_uri_parse() buffer overflow)
Next by thread: Bug#271945: apache in woody is missing security patches/updates
Index(es):
- Date
- Thread