Re: [SRM] Please review apache_1.3.34-4.1+etch1

To: Stefan Fritsch <sf@sfritsch.de>
Cc: debian-release@lists.debian.org
Subject: Re: [SRM] Please review apache_1.3.34-4.1+etch1
From: Luk Claes <luk@debian.org>
Date: Sat, 19 Jan 2008 17:46:26 +0100
Message-id: <[🔎] 47922962.5080701@debian.org>
In-reply-to: <[🔎] 200801191624.11525.sf@sfritsch.de>
References: <[🔎] 200801191624.11525.sf@sfritsch.de>

Stefan Fritsch wrote:
> Hi,
> 
> please review apache_1.3.34-4.1+etch1 for inclusion in etch r3, as 
> agreed with luk and jmm.
> 
> Here is the changelog:
> apache (1.3.34-4.1+etch1) stable; urgency=low
> 
>   * Minor security fixes:
>     - CVE-2007-1349: DoS in mod_perl
>     - CVE-2007-3304: potential DoS by sending SIGUSR1 to arbitrary
>       processes
>     - CVE-2006-5752, CVE-2007-6388: XSS in mod_status
>     - CVE-2007-5000: XSS in mod_imap
> 
> The debdiff is at
> http://people.debian.org/~sf/apache_1.3.34-4.1+etch1.debdiff
> 
> Deviating from my previous plan, I now included the fix for 
> CVE-2007-3304. I reviewed the patch and tested it, and could not find 
> any problems.

I guess that's the whole pid related diff?

Please upload.

Cheers

Luk

Reply to:

References:
- [SRM] Please review apache_1.3.34-4.1+etch1
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Re: Proposed release goal: Switch to dash as /bin/sh to speed up the boot
Next by Date: networkmanager binNMU for libnl1-pre8/6
Previous by thread: [SRM] Please review apache_1.3.34-4.1+etch1
Next by thread: networkmanager binNMU for libnl1-pre8/6
Index(es):
- Date
- Thread