Package: apache2.2-common Version: 2.2.3-4 Severity: Minor The shell script `a2enmod` uses a relative path instead of an absolute path when enabling modules. This is minor security concern as it could cause any potential problems whilst running Apache by allowing path traversal.
The following patch to fix the problem is included: --- a2enmod 2007-05-13 10:46:21.000000000 -0400 +++ a2enmod.new 2007-05-13 10:46:42.000000000 -0400 @@ -43,7 +43,7 @@ for i in conf load; do if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then cd $SYSCONFDIR/mods-enabled; - ln -sf ../mods-available/$MODNAME.$i $MODNAME.$i; + ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $MODNAME.$i; fi done As I said, this is a minor issue and probably trivial but I'm rather uncomfortable with the fact that it uses a relative path rather than an absolute one like a2ensite. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]