Bug#357561: privilege escalation hole

To: Joey Hess <joeyh@debian.org>
Cc: Daniel Leidert <daniel.leidert@wgdd.de>, 357561@bugs.debian.org
Subject: Bug#357561: privilege escalation hole
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 2 Mar 2007 00:33:56 +0100
Message-id: <[🔎] 20070301233356.GA4360@galadriel.inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 357561@bugs.debian.org
In-reply-to: <[🔎] 20070301043223.GA31372@kitenet.net>
References: <[🔎] 20070301033058.31705.29391.reportbug@localhost> <[🔎] 20070301043223.GA31372@kitenet.net>

Joey Hess wrote:
> On the third hand, this bug has documented a security hole with exploit
> in apache for about 2 weeks without any reaction from its maintainers,
> and was open for many months before that without any reaction from them.
> If apache isn't being maintained, it might be better to drop it from
> etch anyway.

Indeed, I'm quite disappointed about apache 1.3 still being in Etch.
Debian is the _only_ distribution still shipping it; the maintainers
couldn't provide _any_ valid reason to still include it (like an important
module not ported to 2.x) and claimed that they would provide all security
updates for 1.3 issues. Well...

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#357561: privilege escalation hole
  - From: Michelle Konzack <linux4michelle@freenet.de>

References:
- Bug#357561: privilege escalation hole
  - From: Daniel Leidert <daniel.leidert@wgdd.de>
- Bug#357561: privilege escalation hole
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Bug#357561: privilege escalation hole
Next by Date: Processing of apache_1.3.34-4.1_i386.changes
Previous by thread: Bug#357561: privilege escalation hole
Next by thread: Bug#357561: privilege escalation hole
Index(es):
- Date
- Thread