On Sat, Apr 06, 2013 at 12:08:41PM +0200, Salvatore Bonaccorso wrote: > Hi Alberto, hi Thomas > > On Sat, Apr 06, 2013 at 10:50:43AM +0200, Alberto Gonzalez Iniesta wrote: > > On Sat, Apr 06, 2013 at 02:43:39PM +0800, Thomas Goirand wrote: > > > Hi, > > > > > > I installed mod_security with the patch I backported, made sure the > > > module was loaded by Apache, and tested to query "http://localhost";, > > > then I could see the "It works!" default Debian Apache page. > > > > > > So, I'd say: so far so good, Apache doesn't crash. > > > > > > Salvatore, could you tell how you find out about this CVE, and are you > > > sure that the commit you linked is fixing the problem (which I do not > > > understand fully...)? If you confirm that you are sure it fixes the CVE, > > > then I believe I could NMU the fixed package in the delayed queue. > > > > Hi Thomas and Salvatore, > > > > Thanks for the heads-up. Strangely I didn't get the first mail (the bug > > report), but luckily got Thomas' mails. I'll check this ASAP and make an > > upload accordingly. > > Bad you have not got the inital mail trough the BTS. :( Thank you for > preparing the update. For the new option the default value is Off, if > I understand it correctly, but configurable to On/Off. Could you also > add a bit of Documentation for it? > > Could you also prepare an update for squeeze-security for ? Please > target there squeeze-security (instead of stable-security) in case the > update will happen just when wheezy get's released ;-) to prepare for > an update to security-master?
Hi again, I've packages ready for sid/wheezy and squeeze. I'm waiting upstream blessing on them before uploading. Regards, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
