[SRM] Please review apache_1.3.34-4.1+etch1

To: debian-release@lists.debian.org
Subject: [SRM] Please review apache_1.3.34-4.1+etch1
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 19 Jan 2008 16:24:04 +0100
Message-id: <[🔎] 200801191624.11525.sf@sfritsch.de>

Hi,

please review apache_1.3.34-4.1+etch1 for inclusion in etch r3, as 
agreed with luk and jmm.

Here is the changelog:
apache (1.3.34-4.1+etch1) stable; urgency=low

  * Minor security fixes:
    - CVE-2007-1349: DoS in mod_perl
    - CVE-2007-3304: potential DoS by sending SIGUSR1 to arbitrary
      processes
    - CVE-2006-5752, CVE-2007-6388: XSS in mod_status
    - CVE-2007-5000: XSS in mod_imap

The debdiff is at
http://people.debian.org/~sf/apache_1.3.34-4.1+etch1.debdiff

Deviating from my previous plan, I now included the fix for 
CVE-2007-3304. I reviewed the patch and tested it, and could not find 
any problems.

Cheers,
Stefan

PS: I also plan an apache2 s-p-u upload. Separate mail follows.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: [SRM] Please review apache_1.3.34-4.1+etch1
  - From: Luk Claes <luk@debian.org>

Prev by Date: Re: Proposed release goal: Switch to dash as /bin/sh to speed up the boot
Next by Date: Re: Bug#453435: cpio cannot read its own tarfiles
Previous by thread: Re: Bug#453435: cpio cannot read its own tarfiles
Next by thread: Re: [SRM] Please review apache_1.3.34-4.1+etch1
Index(es):
- Date
- Thread