Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution

To: Nick Boyce <nick@glimmer.demon.co.uk>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 28 Jan 2006 13:56:50 +0100
Message-id: <[🔎] 87slr8tsrx.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] ronlt1tmdsp2kmp3uoiovj6ogr7064piur@4ax.com> (Nick Boyce's message of "Sat, 28 Jan 2006 03:36:50 +0000")
References: <m1F12LP-000pRWC@finlandia.Infodrom.North.DE> <[🔎] ronlt1tmdsp2kmp3uoiovj6ogr7064piur@4ax.com>

* Nick Boyce:

>>From this I infer that mod_auth_ldap for Debian-packaged Apache 2 must
> be included with the main Debian Apache packages, and that no
> libapache(2)-auth-ldap package is required - and that I therefore need
> fixed Apache 2 packages.  Is this so ?

Apache 2 comes with its own LDAP module, which may have shared a
common code base once (the Dave Carrigan is listed as author, too),
but the vulnerable function is not present in version 2.0.55-4.  I
haven't looked at other versions.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
  - From: Nick Boyce <nick@glimmer.demon.co.uk>

References:
- Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
  - From: Nick Boyce <nick@glimmer.demon.co.uk>

Prev by Date: Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
Next by Date: "Fix" of sudo with DSA-946-1
Previous by thread: Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
Index(es):
- Date
- Thread