Re: apache and CAN-2003-0020

To: debian-security@lists.debian.org
Subject: Re: apache and CAN-2003-0020
From: Joey Hess <joeyh@debian.org>
Date: Thu, 24 Mar 2005 12:13:06 -0500
Message-id: <[🔎] 20050324171306.GB8856@kitenet.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 4240F443.1010308@strategicdata.com.au>
References: <[🔎] 4240F443.1010308@strategicdata.com.au>

Geoff Crompton wrote:
> CAN-2003-0020 is a vulnerability in apache that mentions how apache 
> allows escape sequences into the error logs, which might exploit a 
> terminal program viewing them.
> More detail is at http://www.securityfocus.com/bid/9930. The 
> securityfocus page lists Debian as being vulnerable, and I can't find a 
> DSA that corresponds to CAN-2003-0020.
> 
> Does anyone know if Debian is vulnerable or fixed?

CAN-2003-0020 
        - apache2 2.0.49
        - apache 1.3.29.0.2-4

Above are the versions that contained the fixes, for unstable/testing.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- apache and CAN-2003-0020
  - From: Geoff Crompton <geoff.crompton@strategicdata.com.au>

Prev by Date: Re: Apache 1.3.33 (from sarge) and mod_chroot
Next by Date: Re: apache and CAN-2004-0174
Previous by thread: Re: apache and CAN-2003-0020
Next by thread: apache and CAN-2004-0174
Index(es):
- Date
- Thread