[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#642956: pu: package apache2/2.2.16-6+squeeze4

On Monday 26 September 2011, Adam D. Barratt wrote:
> On Mon, 2011-09-26 at 00:34 +0200, Stefan Fritsch wrote:
> > Please review apache2/2.2.16-6+squeeze4 for inclusion in s-p-u.
> > It fixes a minor DoS issue, some bugs in the init script and
> > adds some docs.
> 
> Thanks for this.  A couple of queries:
> >    * Fix CVE-2011-3348: Possible denial of service in
> >    mod_proxy_ajp
> >    
> >      if combined with mod_proxy_balancer.
> 
> As far as I can tell from the upload history and the security
> tracker, this is still unfixed in unstable - is that correct?

Yes. It's included in upstream 2.2.21 which I will upload to unstable 
shortly. So, the patch has already seen some use and is unlikely to 
introduce regressions.

> 
> >    * Tweak patch header to fix "dpatch unapply" with unstable's
> >    patch/dpatch.
> 
> Does the result still work with squeeze's tools?

Good question. Yes, I have just tried it.

Cheers,
Stefan
Reply to: