[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#381376: Status of CVE-2006-3918 #381376

On Sat, Sep 09, 2006 at 01:22:25PM +0200, Stefan Fritsch wrote:
> On Saturday 09 September 2006 12:35, Lo?c Minier wrote:
> >  I think only apache was uploaded for CVE-2006-3918, and not
> > apache2. Do you intend to issue a DSA for apache2 as well?  Or
> > isn't it affected by the vulnerability?
> >
> >  This is fixed in apache2 >= 2.0.55-4.1 in unstable.
> The issue is less severe for apache2 because it is much more difficult 
> to exploit: apache2 will first wait for the request timeout (usually 
> 5 minutes) before sending the problematic error message.

  I have a pending upload of Apache2 for this, but I've been
 unexpectantly busy.  I did intend it to be a day or two after
 the apache update.

  All being well I'll get it released tomorrow.  If not it will
 have to be midweek.


Reply to: