Hi Guys, just found the Bug about the "apr lib" which has been fixed by Stefan in "apr 1.3.6". In Debian Lenny there is still the package 1.2.12-5+lenny1 with the Security BUG available. Since through this BUG you can compromise the system by Listening to Port 80 or read every FD from the Apache Fork via a PHP or Shell script i was wondering why there is no security package update for apr 1.2.12-5+lenny1 to 1.3.6 at least or 1.4.2-3 Testing is going to be backported for Lenny? Cheers Christian
Attachment:
signature.asc
Description: OpenPGP digital signature