Re: about DSA-2452-1 apache2 -- insecure default configuration

To: debian-user@lists.debian.org
Subject: Re: about DSA-2452-1 apache2 -- insecure default configuration
From: Vincent Lefevre <vincent@vinc17.net>
Date: Thu, 26 Apr 2012 13:10:32 +0200
Message-id: <[🔎] 20120426111032.GG3827@xvii.vinc17.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] jn6m2f$got$7@dough.gmane.org>
References: <[🔎] 20120418162434.GP3827@xvii.vinc17.org> <[🔎] jmp9q7$kai$8@dough.gmane.org> <[🔎] 20120419235029.GA5679@xvii.vinc17.org> <[🔎] jmrsan$o0u$9@dough.gmane.org> <[🔎] 20120423105158.GB3827@xvii.vinc17.org> <[🔎] jn3r64$68l$3@dough.gmane.org> <[🔎] 20120424150627.GD3827@xvii.vinc17.org> <[🔎] jn6i0m$got$4@dough.gmane.org> <[🔎] 20120424161911.GE3827@xvii.vinc17.org> <[🔎] jn6m2f$got$7@dough.gmane.org>

On 2012-04-24 16:57:52 +0000, Camaleón wrote:
> On Tue, 24 Apr 2012 18:19:11 +0200, Vincent Lefevre wrote:
> > This is just a workaround. The real problem hasn't been fixed. And this
> > means that it is no longer possible to read arbitrary documentation from
> > doc directories easily.
> 
> I'm still not sure about that mainly because I don't see other 
> distributions (besides Ubuntu) fixing it :-?

Perhaps it's Debian-specific (the bug was just about the default
configuration), and users may also have an insecure (non-default)
configuration on other distributions without knowing it.

I've reported a bug for Debian, at least so that Debian gives more
information about such security problems:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670518

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

References:
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Camaleón <noelamac@gmail.com>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Camaleón <noelamac@gmail.com>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Camaleón <noelamac@gmail.com>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Camaleón <noelamac@gmail.com>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: about DSA-2452-1 apache2 -- insecure default configuration
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: Is 1600x1200 screen better than 1440x900?
Next by Date: Re: How /etc/hosts.allow /etc/hosts.deny and smb.conf play along
Previous by thread: Re: about DSA-2452-1 apache2 -- insecure default configuration
Next by thread: Hauppauge Nova-T USB stick -- now what?
Index(es):
- Date
- Thread