Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
Hideki Yamane wrote:
| Hi,
|
| | Yes, stability is most important thing in stable release.
|
| I would ask you that it needs to be built on all woody arch means
| it needs more time to be checked because changed source should be
| able to be built on each arch or it needs more time to be built in
| all arch machines? both?

a combination of all of them :-) the source needs to build on all supported architectures and tested. Clearly you cannot do the latter without the former ;)

Fabio

-- 
Self-Service law: The last available dish of the food you have decided to eat, will be inevitably taken from the person in front of you.
Re: Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
This is offtopic for the bug.

Hideki Yamane wrote:
| Hi,
|
| Fri, 05 Nov 2004 09:32:59 +0100, Fabio Massimo Di Nitto
| Re: Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
|
| Is that review process on public or closed? If it is on public,
| where can we read about that?

closed.

| If some arch (not powerful architecture like arm or m68k, etc)
| needs more time to build package than i386 and so it makes release
| late, I think we should do KAIZEN about build system.

No. This is specified in the security release process. All the archs will get the update at the same time.

| (or use some emulation environment like Scratchbox as test.
| It is 10 times faster than native env.)
| http://linuxdevices.com/articles/AT6264230012.html

It is not the same as running on the native arch and it might introduce unwanted side effects.

Fabio

-- 
Self-Service law: The last available dish of the food you have decided to eat, will be inevitably taken from the person in front of you.
Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
Hi,

Fri, 05 Nov 2004 09:32:59 +0100, Fabio Massimo Di Nitto
Re: Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)

Is that review process on public or closed? If it is on public, where can we read about that?

> a combination of all of them :-) the source needs to build on all supported architectures and tested. Clearly you cannot do the latter without the former ;)

If some arch (not powerful architecture like arm or m68k, etc) needs more time to build package than i386 and so it makes release late, I think we should do KAIZEN about build system.

(or use some emulation environment like Scratchbox as test. It is 10 times faster than native env.)
http://linuxdevices.com/articles/AT6264230012.html

-- 
Regards,

Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B
Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
Package: apache
Version: 1.3.27-0.1
Severity: important
Tags: woody, security

Dear apache maintainer team,

How is CAN-2004-0940 issue in woody coped with?

I've checked Non-Vulnerability Security Information for woody page (http://www.debian.org/security/nonvulns-woody), but there is not CAN-2004-0940. Probably it affects woody.

I saw it was discussed in debian-apache mailing list, but it is about package in sarge and sid (1.3.31 based), not woody (1.3.26 based).

So, I want to know about state of woody's apache.

-- 
Regards,

Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp