Re: testing and review requested for Wheezy update of apache2

To: Jonas Meurer <jonas@freesources.org>
Cc: debian-lts@lists.debian.org, debian-apache@lists.debian.org
Subject: Re: testing and review requested for Wheezy update of apache2
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 24 Feb 2017 20:19:55 +0100
Message-id: <[🔎] 87530154.UYVM5KsA0G@k>
In-reply-to: <[🔎] 9ab81378-d2b7-1f93-ce65-b1fbfc31a9bd@freesources.org>
References: <20161223225643.GA24261@inguza.net> <[🔎] 20170223105919.6av7s7jamdhabsqd@bogon.m.sigxcpu.org> <[🔎] 9ab81378-d2b7-1f93-ce65-b1fbfc31a9bd@freesources.org>

Hi,

On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote:
> All right, then we should go for the update. Antoine, do you take care
> of it?

Great work and sorry that I did not have time to help you more.

In case it helps: For stable, I have suggested this text for the DSA to the 
security team:

* CVE-2016-8743: Apache httpd accepted a broad pattern of unusual
  whitespace patterns in HTTP requests. In some configurations, this
  could lead to response splitting or cache polution vulnerabilities.
  To fix these issues, this update makes Apache httpd be more strict in
  what HTTP requests it accepts.

  If this causes problems with non-conforming clients, some checks can
  be relaxed by adding the new directive 'HttpProtocolOptions unsafe'
  to the configuration.

  More information is available at

  http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions

Cheers,
Stefan

Reply to:

References:
- Re: testing and review requested for Wheezy update of apache2
  - From: Guido Günther <agx@sigxcpu.org>
- Re: testing and review requested for Wheezy update of apache2
  - From: Jonas Meurer <jonas@freesources.org>

Prev by Date: Re: [SECURITY] [DSA 3792-1] libreoffice security update
Next by Date: testing bind9 for Wheezy LTS
Previous by thread: Re: testing and review requested for Wheezy update of apache2
Next by thread: Re: testing and review requested for Wheezy update of apache2
Index(es):
- Date
- Thread