[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SRM] Please review apache_1.3.34-4.1+etch1

Stefan Fritsch wrote:
> Hi,
> please review apache_1.3.34-4.1+etch1 for inclusion in etch r3, as 
> agreed with luk and jmm.
> Here is the changelog:
> apache (1.3.34-4.1+etch1) stable; urgency=low
>   * Minor security fixes:
>     - CVE-2007-1349: DoS in mod_perl
>     - CVE-2007-3304: potential DoS by sending SIGUSR1 to arbitrary
>       processes
>     - CVE-2006-5752, CVE-2007-6388: XSS in mod_status
>     - CVE-2007-5000: XSS in mod_imap
> The debdiff is at
> http://people.debian.org/~sf/apache_1.3.34-4.1+etch1.debdiff
> Deviating from my previous plan, I now included the fix for 
> CVE-2007-3304. I reviewed the patch and tested it, and could not find 
> any problems.

I guess that's the whole pid related diff?

Please upload.



Reply to: