Hi, I installed mod_security with the patch I backported, made sure the module was loaded by Apache, and tested to query "http://localhost";, then I could see the "It works!" default Debian Apache page.
So, I'd say: so far so good, Apache doesn't crash. Salvatore, could you tell how you find out about this CVE, and are you sure that the commit you linked is fixing the problem (which I do not understand fully...)? If you confirm that you are sure it fixes the CVE, then I believe I could NMU the fixed package in the delayed queue. Thoughts? Cheers, Thomas Goirand (zigo) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
