Bug#341022: apache2.2-common: /etc/apache2/conf.d/security default need changing for squeeze

To: Debian Bug Tracking System <341022@bugs.debian.org>
Subject: Bug#341022: apache2.2-common: /etc/apache2/conf.d/security default need changing for squeeze
From: Neil Ramsay <debian@agentnoel.geek.nz>
Date: Fri, 13 Aug 2010 16:02:27 +1200
Message-id: <20100813040227.21848.62734.reportbug@nanowave.agentnoel.geek.nz>
Reply-to: Neil Ramsay <debian@agentnoel.geek.nz>, 341022@bugs.debian.org

Package: apache2.2-common
Version: 2.2.16-1
Severity: normal

Good day,
in /etc/apache2/conf.d/security, it states that in "the release after lenny" it will "Disable access to the entire file system except for the directories that are explicitly allowed later."
Now that squeeze has been frozen, from what I understand, shouldn't this block be uncommented by default?

Thanks,
Neil Ramsay

-- Package-specific info:
List of /etc/apache2/mods-enabled/*.load:
  alias asis auth_basic auth_kerb authn_file authz_default
  authz_groupfile authz_host authz_user autoindex cgi dav dav_fs
  dav_lock dir* env ext_filter headers mailman mime negotiation php5
  proxy proxy_ajp reqtimeout rewrite setenvif ssl* status suexec
  userdir* wsgi
  (A * means that the .conf file for that module is not enabled in
   /etc/apache2/mods-enabled/)
List of enabled php5 extensions:
  curl gmp ldap mysql mysqli pdo pdo_mysql pdo_pgsql pgsql snmp
  suhosin

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2.2-common depends on:
ii  apache2-utils                 2.2.16-1   utility programs for webservers
ii  apache2.2-bin                 2.2.16-1   Apache HTTP Server common binary f
ii  libmagic1                     5.04-4     File type determination library us
ii  lsb-base                      3.2-23.1   Linux Standard Base 3.2 init scrip
ii  mime-support                  3.48-1     MIME files 'mime.types' & 'mailcap
ii  perl                          5.10.1-13  Larry Wall's Practical Extraction 
ii  procps                        1:3.2.8-9  /proc file system utilities

Versions of packages apache2.2-common recommends:
ii  ssl-cert                      1.0.25     simple debconf wrapper for OpenSSL

Versions of packages apache2.2-common suggests:
ii  apache2-doc                 2.2.16-1     Apache HTTP Server documentation
pn  apache2-suexec | apache2-su <none>       (no description available)
ii  lynx-cur [www-browser]      2.8.8dev.4-2 Text-mode WWW Browser with NLS sup

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event             <none>     (no description available)
pn  apache2-mpm-itk               <none>     (no description available)
ii  apache2-mpm-prefork           2.2.16-1   Apache HTTP Server - traditional n
pn  apache2-mpm-worker            <none>     (no description available)

-- Configuration Files:
/etc/apache2/mods-available/proxy.conf changed [not included]
/etc/apache2/ports.conf changed [not included]
/etc/apache2/sites-available/default changed [not included]
/etc/apache2/sites-available/default-ssl changed [not included]

-- no debconf information

Reply to:

Prev by Date: [bts-link] source package apache2
Next by Date: apache2 (2.2.16-1)
Previous by thread: Processed: [bts-link] source package apache2
Next by thread: apache2 (2.2.16-1)
Index(es):
- Date
- Thread