On Wed, 23 Jun 2004, Matt Zimmerman wrote:
> On Wed, Jun 23, 2004 at 03:24:13PM +0200, Marc SCHAEFER wrote:
>
> > it seems there is a potential buffer overflow in Apache's mod_proxy.
> >
> > Are you aware of it?
>
> What I believe I heard from our Apache maintainers was that this would only
> crash the child servicing the request (which isn't even a DoS, really), and
> did not actually permit the execution of code, but the description in CVE is
> quite explicit that it is a code execution vulnerability.
>
> Can someone confirm?

I read the same advisory and we are ready to upload in sid.

This is a url to the sid patch:

http://cvs.raw.no/cgi-bin/viewcvs.cgi/debian-apache/debian/patches/000_stolen_from_HEAD_CAN-2004-0492?rev=1.1&view=markup

It is not intrusive.

Fabio

-- 
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.