Your message dated Fri, 9 Jul 2021 13:35:28 +0200
with message-id <[email protected]>
and subject line Re: Bug#990853: Problem with Directory directive
has caused the Debian Bug report #990583,
regarding lrzip: CVE-2021-27347
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
990583: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990583
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lrzip
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for lrzip.
CVE-2021-27347[0]:
| Use after free in lzma_decompress_buf function in stream.c in Irzip
| 0.631 allows attackers to cause Denial of Service (DoS) via a crafted
| compressed file.
It's unclear which commit fixed, this should be checked with upstream:
https://github.com/ckolivas/lrzip/issues/165
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-27347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27347
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Le 09/07/2021 à 13:12, Stadtsholte, Ingo a écrit :
> Package: apache2
>
> Version: 2.4.38-3+deb10u4
>
>
>
> After minor updating my Apache Installation to the above Version,
> AuthType in Directory directive only affects to DirectoryIndex, not to
> all other files/subdirectories
>
>
>
> <Directory /var/www/html>
>
> AuthType GSSAPI
>
> require valid-user
>
> DirectoryIndex index.php
>
> </Directory>
>
>
>
> Authentication works when I call https://myserver/ <https://myserver/>
> but do not work anymore when I call https://myserver/index.php
> <https://myserver/index.php>
Hi,
it's not a bug, use <Location /> when using an external file handler
(like php-fpm)
> Other problems I had after that update: I had to enable some modules via
> a2enmod. 3 weeks earlier the modules were automatically enabled and the
> AuthType works for the whole directory
Could you give more details ?
--- End Message ---
