Bug#642956: pu: package apache2/2.2.16-6+squeeze4
On Monday 26 September 2011, Adam D. Barratt wrote:
> On Mon, 2011-09-26 at 00:34 +0200, Stefan Fritsch wrote:
> > Please review apache2/2.2.16-6+squeeze4 for inclusion in s-p-u.
> > It fixes a minor DoS issue, some bugs in the init script and
> > adds some docs.
>
> Thanks for this. A couple of queries:
> > * Fix CVE-2011-3348: Possible denial of service in
> > mod_proxy_ajp
> >
> > if combined with mod_proxy_balancer.
>
> As far as I can tell from the upload history and the security
> tracker, this is still unfixed in unstable - is that correct?
Yes. It's included in upstream 2.2.21 which I will upload to unstable
shortly. So, the patch has already seen some use and is unlikely to
introduce regressions.
>
> > * Tweak patch header to fix "dpatch unapply" with unstable's
> > patch/dpatch.
>
> Does the result still work with squeeze's tools?
Good question. Yes, I have just tried it.
Cheers,
Stefan
Reply to: