On Thu, Jan 26, 2006 at 10:26:35PM +0100, Sven Koch wrote:
> Apachetop 0.12.6 is available at
> http://www.webta.org/projects/apachetop/wiki/Download
>
> >From its changelog:
> v0.12.6 (27th October, 2005)
> * fixed security issue which described at CVE-2005-2660
>
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2660
Thanks for the report.
We already fixed that bug in the code in Apachetop 0.12.5-3, quoting
the changelog:
--
apachetop (0.12.5-3) unstable; urgency=high
* Fix insecure temporary file usage. [CAN-2005-2660]
* Support "gamin" in addition to "fam".
(Closes: #329367)
* Attempt to open both /var/log/apache2/access.log and
/var/log/apache/access.log when given no filename as
input.
(Closes: #319272)
-- Steve Kemp <[EMAIL PROTECTED]> Fri, 30 Sep 2005 13:59:09 +0000
--
I'll definitely make a new upload with the upstream release, but
the security issue is already fixed. (We even released a DSA for
it: http://www.debian.org/security/2005/dsa-839 )
Steve
--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
