DSA 187-1 and FrontPage extensions
Hi all,
I run a FrontPage-enabled apache server on Woody. I apply the 1.3.22
FrontPage patch which is claimed by rtr.com to work with versions 1.3.22,
1.3.24, 1.3.26 and 1.3.27 to the Debian Apache sources and then build
Debian binary packages. I append the procedure I use to do this below.
The server has been running OK so far.
I have two questions:
1. The debs I build from the Debian apache source package come out with
version number 1.3.26-0woody1 whereas the debs released to cover this
vulnerability have version 1.3.26-0woody3. Why is this? Have the source
packages not been updated?
2. (Related) Are the binary debs I build from the current debian
1.3.26 source package safe from this vulnerability?
Does anyone have any input? Please copy me directly as I am not
subscribed to the list.
Debian Apache FrontPage Patch and Compile Procedure
---------------------------------------------------
The patch is at ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z
To patch the server I follow the following procedure:
Download and gunzip patch file fp-patch-apache_1.3.22.Z
apt-get source apache
cd apache-1.3.26/upstream/tarballs
tar xvzf apache_1.3.26.tar.gz
cd apache_1.3.26
patch -p1 <path_to>fp-patch-apache_1.3.22
cd <path-to-toplevel>apache-1.3.26
dpkg-buildpackage -rfakeroot -b
cd ..
dpkg -i apache-common
dpkg -i apache
Best regards,
George Karaolides
Reply to: