Re: Bug#381376: Status of CVE-2006-3918 #381376
On Sat, Sep 09, 2006 at 01:22:25PM +0200, Stefan Fritsch wrote:
> On Saturday 09 September 2006 12:35, Lo?c Minier wrote:
> > I think only apache was uploaded for CVE-2006-3918, and not
> > apache2. Do you intend to issue a DSA for apache2 as well? Or
> > isn't it affected by the vulnerability?
> > This is fixed in apache2 >= 2.0.55-4.1 in unstable.
> The issue is less severe for apache2 because it is much more difficult
> to exploit: apache2 will first wait for the request timeout (usually
> 5 minutes) before sending the problematic error message.
I have a pending upload of Apache2 for this, but I've been
unexpectantly busy. I did intend it to be a day or two after
the apache update.
All being well I'll get it released tomorrow. If not it will
have to be midweek.