[Bug 897120] Re: apache2-suexec-custom changes permissions on suexec binary
This bug was fixed in the package apache2 - 2.2.21-3ubuntu1
---
apache2 (2.2.21-3ubuntu1) precise; urgency=low
* Merge from Debian testing. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
- debian/control: Add bzr tag and point it to our tree
- debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
- debian/control, debian/ask-for-passphrase,
debian/config-dir/mods-available/ssl.conf:
Plymouth aware passphrase dialog program ask-for-passphrase.
apache2 (2.2.21-3) unstable; urgency=medium
* Fix CVE-2011-4317: Prevent unintended pattern expansion in some
reverse proxy configurations. (Similar to CVE-2011-3368, but different
attack vector.)
* Fix CVE-2011-3607: Integer overflow in ap_pregsub could cause segfault
via malicious .htaccess.
* Mention dpkg-statoverride for changing permissions of suexec. LP: #897120
* Fix broken link in docs. Closes: #650528
* Remove Tollef Fog Heen, Thom May, and Peter Samuelson from uploaders.
Thanks for your work in the past.
-- Chuck Short zul...@ubuntu.com Fri, 09 Dec 2011 05:20:43 +
** Changed in: apache2 (Ubuntu)
Status: New = Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3368
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3607
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4317
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/897120
Title:
apache2-suexec-custom changes permissions on suexec binary
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/897120/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 897120] Re: apache2-suexec-custom changes permissions on suexec binary
That's what dpkg-statoverride is for. I will mention that in the suexec man page. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/897120 Title: apache2-suexec-custom changes permissions on suexec binary To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/897120/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 897120] Re: apache2-suexec-custom changes permissions on suexec binary
** Branch linked: lp:debian/apache2 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/897120 Title: apache2-suexec-custom changes permissions on suexec binary To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/897120/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 897120] Re: apache2-suexec-custom changes permissions on suexec binary
** Changed in: apache2 (Ubuntu) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/897120 Title: apache2-suexec-custom changes permissions on suexec binary To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/897120/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
