Good day,
I'm checking testing against 2002 DSAs (for woody) with Joeh Hess.
I'm not sure with DSA-187 [1] and DSA-188 [2] (sames security problems, one for
apache and another one for apache-ssl)
I know that CAN-2002-0839, CAN-2002-0840, CAN-2002-0843 are fixed in
unstable since apache 1.3.27-0.1
I believe CAN-2001-0131 and CAN-2002-1233 are fixed with the following
patches in apache debian packages :
901_security_htdigest_tempfiles
902_security_htpasswd_tempfiles
Could you confirmme this?
both DSA also mentionned buffer overflows in ApacheBench :
| NO-CAN: Several buffer overflows have been found in the ApacheBench (ab)
| utility that could be exploited by a remote server returning very long
| strings.
Do you know if theses are fixed in testing package?
Thanks for your help.
[1] http://www.debian.org/security/2002/dsa-187
[2] http://www.debian.org/security/2002/dsa-188
--
Djoumé SALVETTI
pgprqfAPBlvlb.pgp
Description: PGP signature