Re: [OSRM] please review apache2 2.0.54-5sarge2

To: Martin Zobel-Helas <zobel@ftbfs.de>
Cc: Stefan Fritsch <sf@sfritsch.de>, debian-release@lists.debian.org, debian-apache@lists.debian.org, team@security.debian.org
Subject: Re: [OSRM] please review apache2 2.0.54-5sarge2
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 18 Jul 2007 23:30:48 +0200
Message-id: <[🔎] 20070718213048.GA3609@galadriel.inutil.org>
In-reply-to: <[🔎] 20070718212838.GC16638@ftbfs.de>
References: <[🔎] 200707182324.30852.sf@sfritsch.de> <[🔎] 20070718212838.GC16638@ftbfs.de>

On Wed, Jul 18, 2007 at 11:28:39PM +0200, Martin Zobel-Helas wrote:
> Hi, 
> 
> On Wed Jul 18, 2007 at 23:24:19 +0200, Stefan Fritsch wrote:
> > Hi,
> > 
> > please review apache2 2.0.54-5sarge2 for the next sarge point release:
> > 
> > 
> > apache2 (2.0.54-5sarge2) stable; urgency=low
> > 
> >   * Fix some less critical security issues:
> >   * Denial of service for threaded MPMs:
> >     - CVE-2005-2970: mpm_worker memory leak
> >     - CVE-2005-3357: mod_ssl with custom errorpage
> >     - CVE-2007-1863: mod_cache
> >   * Cross site scripting:
> >     - CVE-2005-3352: mod_imap
> >     - CVE-2006-3918: via Expect header
> >     - CVE-2006-5752: mod_status
> >   * Add check for scoreboard PID protection (CVE-2007-3304)
> > 
> >  -- Stefan Fritsch <sf@debian.org>  Mon, 16 Jul 2007 23:12:36 +0200
> 
> Moritz, will this be going via security?

No, none of these warrants a DSA.

Cheers,
        Moritz

Reply to:

References:
- [OSRM] please review apache2 2.0.54-5sarge2
  - From: Stefan Fritsch <sf@sfritsch.de>
- Re: [OSRM] please review apache2 2.0.54-5sarge2
  - From: Martin Zobel-Helas <zobel@ftbfs.de>

Prev by Date: Re: [OSRM] please review apache2 2.0.54-5sarge2
Next by Date: Bug#135717: Weekly Special
Previous by thread: Re: [OSRM] please review apache2 2.0.54-5sarge2
Next by thread: Bug#135717: Weekly Special
Index(es):
- Date
- Thread