Bug#453783: apache2: CVE-2007-4465
Package: apache2
Severity: grave
Justification: user security hole
Seems to me that Debian (sarge or etch or even sid) apache packages are
not yet patched against
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Seems to me that the obvious workarounds of turning Indexes off or
having an index.html everywhere, protects just fine; and wonder why
Apache does not say so.
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Reply to: