Bug#971062: buster-pu: package plinth/19.1

To: James Valleroy <jvalleroy@mailbox.org>, 971062@bugs.debian.org
Subject: Bug#971062: buster-pu: package plinth/19.1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 10 Oct 2020 09:30:04 +0100
Message-id: <[🔎] 6ec2ab94ad74a5529753aefe6e7c9d51da16406c.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 971062@bugs.debian.org
In-reply-to: <160117430422.211994.6459150672336889956.reportbug@compbook.jvalleroy.me>
References: <160117430422.211994.6459150672336889956.reportbug@compbook.jvalleroy.me> <160117430422.211994.6459150672336889956.reportbug@compbook.jvalleroy.me>

Control: tags -1 + confirmed

On Sat, 2020-09-26 at 22:38 -0400, James Valleroy wrote:
> This update proposes to fix security tracker issue CVE-2020-25073,
> where a remote attackers could obtain sensitive information from the
> /server-status page of the Apache HTTP Server, because a connection
> from the Tor onion service (or from PageKite) is considered a local
> connection.

Please go ahead.

> This issue also exists in stretch.

stretch is handled by the LTS team now, so you'll need to contact them
if you'd like to update the package there.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1
Next by Date: Processed: Re: Bug#971062: buster-pu: package plinth/19.1
Previous by thread: Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1
Next by thread: Processed: Re: Bug#971062: buster-pu: package plinth/19.1
Index(es):
- Date
- Thread