Bug#530834: CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass

To: 530834@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#530834: CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass
From: "Stefan Fritsch" <sf@sfritsch.de>
Date: Thu, 28 May 2009 10:45:58 +0200 (CEST)
Message-id: <[🔎] 2083.88.217.195.18.1243500358.squirrel@www.sfritsch.de>
Reply-to: "Stefan Fritsch" <sf@sfritsch.de>, 530834@bugs.debian.org
In-reply-to: <[🔎] 20090528065033.7098.65803.reportbug@localhost>
References: <[🔎] 20090528065033.7098.65803.reportbug@localhost>

>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
> https://bugzilla.redhat.com/show_bug.cgi?id=489436
>
> Patch: http://svn.apache.org/viewvc?view=rev&revision=772997

If I understood the discussion on httpd-dev correctly, the fix in trunk
svn breaks API compatibility and makes mod_perl FTBFS. But I haven't
looked at redhat's patch, yet.

In any case mod_perl has to be tested when doing a fix.

Reply to:

References:
- Bug#530834: CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass
  - From: Giuseppe Iuculano <giuseppe@iuculano.it>

Prev by Date: Bug#530834: CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass
Next by Date: Bug#530286: apr: FTBFS on hurd-i386
Previous by thread: Bug#530834: CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass
Next by thread: De'ntists Database in the US
Index(es):
- Date
- Thread