Re: Apache SHA1 Password bug (AMD64)

To: Kirk Ismay <captain@netidea.com>
Cc: debian-apache@lists.debian.org
Subject: Re: Apache SHA1 Password bug (AMD64)
From: Stefan Fritsch <sf@debian.org>
Date: Fri, 16 Jan 2009 18:50:32 +0100
Message-id: <[🔎] 200901161850.32905.sf@debian.org>
In-reply-to: <[🔎] 496C1D8B.6070203@netidea.com>
References: <[🔎] 496C1D8B.6070203@netidea.com>

On Tuesday 13 January 2009, Kirk Ismay wrote:
> I have experienced a bug on AMD64  Apache/1.3.33  & Apache/1.3.34
> (Debian) .  SHA1 encrypted passwords do not seem to work.  The
> issue is similar to this, but only seems to affect AMD64 on sarge
> and etch (I've tried it on several machines):
> https://issues.apache.org/bugzilla/show_bug.cgi?id=17343
>
> The following test case works on my i386 machine, but fails on
> AMD64. The SHA login is guest/guest, crypt is test/test.

While this would be a bug, it does not seem severe enough to fix it in 
a stable release. Apache 1.3 is not included in Debian releases after 
etch. Therefore, if it is a problem for you, please migrate to apache 
2.2. You will have to migrate sooner or later anyway, since security 
support for Apache 1.3 will finish one year after lenny is released.

Cheers,
Stefan

Reply to:

References:
- Apache SHA1 Password bug (AMD64)
  - From: Kirk Ismay <captain@netidea.com>

Prev by Date: Bug#511594: default ports.conf should not contain NameVirtualHost directive
Next by Date: Processing of apache2_2.2.11-2_i386.changes
Previous by thread: Apache SHA1 Password bug (AMD64)
Next by thread: Re: improvement for apache mod_autoindex default configuration
Index(es):
- Date
- Thread