Re: [OSRM] please review apache2 2.0.54-5sarge2
On Wed, Jul 18, 2007 at 11:28:39PM +0200, Martin Zobel-Helas wrote:
> Hi,
>
> On Wed Jul 18, 2007 at 23:24:19 +0200, Stefan Fritsch wrote:
> > Hi,
> >
> > please review apache2 2.0.54-5sarge2 for the next sarge point release:
> >
> >
> > apache2 (2.0.54-5sarge2) stable; urgency=low
> >
> > * Fix some less critical security issues:
> > * Denial of service for threaded MPMs:
> > - CVE-2005-2970: mpm_worker memory leak
> > - CVE-2005-3357: mod_ssl with custom errorpage
> > - CVE-2007-1863: mod_cache
> > * Cross site scripting:
> > - CVE-2005-3352: mod_imap
> > - CVE-2006-3918: via Expect header
> > - CVE-2006-5752: mod_status
> > * Add check for scoreboard PID protection (CVE-2007-3304)
> >
> > -- Stefan Fritsch <sf@debian.org> Mon, 16 Jul 2007 23:12:36 +0200
>
> Moritz, will this be going via security?
No, none of these warrants a DSA.
Cheers,
Moritz
Reply to: