[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DSA 187-1 and FrontPage extensions

Hi all,

I run a FrontPage-enabled apache server on Woody.  I apply the 1.3.22
FrontPage patch which is claimed by rtr.com to work with versions 1.3.22,
1.3.24, 1.3.26 and 1.3.27 to the Debian Apache sources and then build
Debian binary packages.  I append the procedure I use to do this below.
The server has been running OK so far.

I have two questions:

1. The debs I build from the Debian apache source package come out with
version number 1.3.26-0woody1 whereas the debs released to cover this
vulnerability have version 1.3.26-0woody3.  Why is this?  Have the source
packages not been updated?

2. (Related) Are the binary debs I build from the current debian
1.3.26 source package safe from this vulnerability?

Does anyone have any input?  Please copy me directly as I am not
subscribed to the list.

Debian Apache FrontPage Patch and Compile Procedure

The patch is at ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z

To patch the server I follow the following procedure:

Download and gunzip patch file fp-patch-apache_1.3.22.Z

apt-get source apache
cd apache-1.3.26/upstream/tarballs
tar xvzf apache_1.3.26.tar.gz
cd apache_1.3.26
patch -p1 <path_to>fp-patch-apache_1.3.22
cd <path-to-toplevel>apache-1.3.26
dpkg-buildpackage -rfakeroot -b
cd ..
dpkg -i apache-common
dpkg -i apache

Best regards,

George Karaolides

Reply to: