Bug#517377: apache 1.3 shows perl script source in iphone-browser

2009-02-27 Thread Tobias Vogel

Package: apache
Version: 1.3.34-4.1+etch1
Severity: grave

When a script called index.cgi is the directory-index in apache 1.3
and this script is accessed using the iphone browser, apache shows the
script source of the perl script, even if the perl script is correctly
being executed when accessed with any other browser.

This might expose passwords and might be a severe security issue.

I am using Debian GNU/Linux 4.0 Etch, kernel 2.6.18-6-vserver-686



--
To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#517377: apache 1.3 shows perl script source in iphone-browser

2009-02-27 Thread Stefan Fritsch
On Friday 27 February 2009, Tobias Vogel wrote:
> When a script called index.cgi is the directory-index in apache
> 1.3 and this script is accessed using the iphone browser, apache
> shows the script source of the perl script, even if the perl script
> is correctly being executed when accessed with any other browser.

Please provide access log entries for both cases. Are you sure you 
call exactly the same URL in both cases?

Stefan






Bug#517377: apache 1.3 shows perl script source in iphone-browser

2009-02-27 Thread Tobias Vogel

In case of a normal Firefox access:
+0100] GET /wol/ HTTP/1.1 304 - https://proxy.xyz.ch/; Mozilla/5.0 
(X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5


In case of the iphone-access:
+0100] GET /wol HTTP/1.1 301 269 - Mozilla/5.0 (iPhone; U; CPU 
iPhone OS 2_2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like 
Gecko) Version/3.1.1 Mobile/5H11 Safari/525.20







Processing of apr_1.3.3-3_i386.changes

2009-02-27 Thread Archive Administrator
apr_1.3.3-3_i386.changes uploaded successfully to localhost
along with the files:
  apr_1.3.3-3.dsc
  apr_1.3.3-3.diff.gz
  libapr1_1.3.3-3_i386.deb
  libapr1-dev_1.3.3-3_i386.deb
  libapr1-dbg_1.3.3-3_i386.deb

Greetings,

Your Debian queue daemon





apr_1.3.3-3_i386.changes ACCEPTED

2009-02-27 Thread Debian Installer

Accepted:
apr_1.3.3-3.diff.gz
  to pool/main/a/apr/apr_1.3.3-3.diff.gz
apr_1.3.3-3.dsc
  to pool/main/a/apr/apr_1.3.3-3.dsc
libapr1-dbg_1.3.3-3_i386.deb
  to pool/main/a/apr/libapr1-dbg_1.3.3-3_i386.deb
libapr1-dev_1.3.3-3_i386.deb
  to pool/main/a/apr/libapr1-dev_1.3.3-3_i386.deb
libapr1_1.3.3-3_i386.deb
  to pool/main/a/apr/libapr1_1.3.3-3_i386.deb


Override entries for your package:
apr_1.3.3-3.dsc - source libs
libapr1-dbg_1.3.3-3_i386.deb - extra libdevel
libapr1-dev_1.3.3-3_i386.deb - optional libdevel
libapr1_1.3.3-3_i386.deb - optional libs

Announcing to debian-devel-chan...@lists.debian.org


Thank you for your contribution to Debian.





Processed: bug 117921 is forwarded to http://issues.apache.org/bugzilla/show_bug.cgi?id=24823 ...

2009-02-27 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

 forwarded 117921 http://issues.apache.org/bugzilla/show_bug.cgi?id=24823
Bug#117921: apache: apachectl configtest gives false OK when logging directory 
path is missing ont he filesystem.
Bug#83540: Apache config problem not reported by apachectl configtest/graceful
Bug#192604: apachectl configtest does not recognize missing paths
Forwarded-to-address changed from 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24823 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24823.

 forwarded 140565 http://issues.apache.org/bugzilla/show_bug.cgi?id=24831
Bug#140565: apache: Apache caching confused by 304 from IIS 5.0
Forwarded-to-address changed from 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24831 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24831.

 forwarded 192604 http://issues.apache.org/bugzilla/show_bug.cgi?id=24823
Bug#192604: apachectl configtest does not recognize missing paths
Bug#83540: Apache config problem not reported by apachectl configtest/graceful
Bug#117921: apache: apachectl configtest gives false OK when logging directory 
path is missing ont he filesystem.
Forwarded-to-address changed from 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24823 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24823.

 forwarded 199685 http://issues.apache.org/bugzilla/show_bug.cgi?id=16013
Bug#199685: mod_autoindex: fooling autoindex.o with slashes
Forwarded-to-address changed from 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16013 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=16013.

 forwarded 204508 http://issues.apache.org/bugzilla/show_bug.cgi?id=24155
Bug#204508: apache: mod_rewrite can't rewrite to filenames containing a '?'
Forwarded-to-address changed from 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24155 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24155.

 forwarded 43910 http://issues.apache.org/bugzilla/show_bug.cgi?id=24157
Bug#43910: apache: mod_usertrack enhancement [patch]
Forwarded-to-address changed from 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24157 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24157.

 forwarded 70982 http://issues.apache.org/bugzilla/show_bug.cgi?id=24824
Bug#70982: apache: apache calls suexec in user mode, even when userdir is 
disabled
Forwarded-to-address changed from 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24824 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24824.

 forwarded 83540 http://issues.apache.org/bugzilla/show_bug.cgi?id=24823
Bug#83540: Apache config problem not reported by apachectl configtest/graceful
Bug#117921: apache: apachectl configtest gives false OK when logging directory 
path is missing ont he filesystem.
Bug#192604: apachectl configtest does not recognize missing paths
Forwarded-to-address changed from 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24823 to 
http://issues.apache.org/bugzilla/show_bug.cgi?id=24823.


End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

