[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#285599: Status of CAN-2003-0987 in Woody?



Hello

[Cc to the security team.]

On 2004-12-15 Adam Conrad wrote:
> Christian Hammers wrote:
> > 
> > I cannot find a reference to CAN-2003-0987 for Debian Woody. 
> > It has been fixed in unstable/sarge in version 1.3.29.0.2-5.
> 
> While it appears to be true that this hasn't been fixed in Woody, it's
> also pretty low risk, since mod_digest doesn't even work with modern
> browsers, and hence is rarely used.  (mod_auth_digest, which does work
> with modern browsers, doesn't have the security hole)

Can you then add some kind of "+ wontfix woody" to the bug report?
It's just for people who see a Redhat/Mandrake/etc bug report and then
try to compare the CAN numbers with the Debian changelog.

To the security team: It's ok if some bugs are not worth fixing them, I
leave the decission to you and the maintainer but what is the right way
to check this? Maybe the nonvulns-woody could be enhanced by this CAN
numbers, too? 
BTW: The search engine on www.debian.org does not even find the CAN numbers
for the latest security reports :) I file a bug for this separately.

bye,

-christian-

Attachment: pgpls3zmMf11Z.pgp
Description: PGP signature


Reply to: