https://issues.apache.org/bugzilla/show_bug.cgi?id=46425

To: debian-apache@lists.debian.org
Subject: https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
From: Christian Kapalczynski <ck@hosteurope.de>
Date: Tue, 18 May 2010 19:41:28 +0200
Message-id: <[🔎] 4BF2D148.2050103@hosteurope.de>

Hi Guys,

just found the Bug about the "apr lib" which has been fixed by Stefan in
"apr 1.3.6". In Debian Lenny there is still the package 1.2.12-5+lenny1
with the Security BUG available.
Since through this BUG you can compromise the system by Listening to
Port 80 or read every FD from the Apache Fork via a PHP or Shell script
i was wondering why there is no security package update for apr
1.2.12-5+lenny1 to 1.3.6 at least or 1.4.2-3 Testing is going to be
backported for Lenny?

Cheers Christian

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Save 20% on ALL Motivational Pictures Until May 17th!
Next by Date: Processed: unarchiving 366124, tagging 366124
Previous by thread: Save 20% on ALL Motivational Pictures Until May 17th!
Next by thread: Re: https://issues.apache.org/bugzilla/show_bug.cgi?id=46425
Index(es):
- Date
- Thread