Re: about DSA-2452-1 apache2 -- insecure default configuration
On 2012-04-24 16:57:52 +0000, Camaleón wrote:
> On Tue, 24 Apr 2012 18:19:11 +0200, Vincent Lefevre wrote:
> > This is just a workaround. The real problem hasn't been fixed. And this
> > means that it is no longer possible to read arbitrary documentation from
> > doc directories easily.
>
> I'm still not sure about that mainly because I don't see other
> distributions (besides Ubuntu) fixing it :-?
Perhaps it's Debian-specific (the bug was just about the default
configuration), and users may also have an insecure (non-default)
configuration on other distributions without knowing it.
I've reported a bug for Debian, at least so that Debian gives more
information about such security problems:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670518
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: