Re: Preparation of Debian GNU/Linux 2.2r4
Jonathan McDowell wrote:
> On Sat, Oct 13, 2001 at 12:32:24PM +0200, Martin Schulze wrote:
>
> > My requirements for packages to go into stable:
> >
> > 1. The package fixes a security problem. Quite helpful would be an
> > advisory issued by the Security Team already.
> ...
> > Accepted packages
> > -----------------
> >
> > These packages should make it into stable.
> >
> > apache stable 1.3.9-13.2 alpha, arm, i386, m68k, powerpc, sparc
> > apache testing 1.3.19-1 alpha, arm, i386, m68k, powerpc, sparc
> > apache unstable 1.3.19-1 hurd-i386
> > apache unstable 1.3.20-1.1 alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390, sh, sparc
> > apache updates 1.3.9-14 alpha, arm, i386, m68k, powerpc, sparc
> >
> > install apache_1.3.9-14_alpha.changes
> > install apache_1.3.9-14_arm.changes
> > install apache_1.3.9-14_i386.changes
> > install apache_1.3.9-14_m68k.changes
> > install apache_1.3.9-14_powerpc.changes
> > install apache_1.3.9-14_sparc.changes
> >
> > * Non-maintainer upload on behalf of Simon Huggins <huggie@earth.li>
> > * Applied patch from Martin Kraemer to fix mod_negotiation bug to prevent
> > revealing of directory contents.
> >
> > This looks like a half security update, right?
>
> I'm not sure what you mean by "half". It fixes a known security problem
> with Apache and has had an advisary issued by the security team (and is
> available from security.debian.org). I strongly believe it should be
> included in 2.2r4.
It fixes the security problem, but due to a bug it won't reload, so
it's rather useless and requires a correction and a new upload.
The person who made released DSA 067-1 knows about it.
Regards,
Joey
--
The good thing about standards is that there are so many to choose from.
-- Andrew S. Tanenbaum
Reply to: