Re: DSA 187-1 and FrontPage extensions
On Tue, Nov 05, 2002 at 12:17:46AM +0200, George Karaolides wrote: > 1. The debs I build from the Debian apache source package come out with > version number 1.3.26-0woody1 whereas the debs released to cover this > vulnerability have version 1.3.26-0woody3. Why is this? Have the source > packages not been updated? You must have downloaded an older source package. Use the URLs in the advisory to get 1.3.26-0woody3. > 2. (Related) Are the binary debs I build from the current debian > 1.3.26 source package safe from this vulnerability? You should use the latest package from security.debian.org. -- - mdz
Re: DSA 187-1 and FrontPage extensions
On Tue, Nov 05, 2002 at 12:17:46AM +0200, George Karaolides wrote: > 1. The debs I build from the Debian apache source package come out with > version number 1.3.26-0woody1 whereas the debs released to cover this > vulnerability have version 1.3.26-0woody3. Why is this? Have the source > packages not been updated? You must have downloaded an older source package. Use the URLs in the advisory to get 1.3.26-0woody3. > 2. (Related) Are the binary debs I build from the current debian > 1.3.26 source package safe from this vulnerability? You should use the latest package from security.debian.org. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
DSA 187-1 and FrontPage extensions
Hi all, I run a FrontPage-enabled apache server on Woody. I apply the 1.3.22 FrontPage patch which is claimed by rtr.com to work with versions 1.3.22, 1.3.24, 1.3.26 and 1.3.27 to the Debian Apache sources and then build Debian binary packages. I append the procedure I use to do this below. The server has been running OK so far. I have two questions: 1. The debs I build from the Debian apache source package come out with version number 1.3.26-0woody1 whereas the debs released to cover this vulnerability have version 1.3.26-0woody3. Why is this? Have the source packages not been updated? 2. (Related) Are the binary debs I build from the current debian 1.3.26 source package safe from this vulnerability? Does anyone have any input? Please copy me directly as I am not subscribed to the list. Debian Apache FrontPage Patch and Compile Procedure --- The patch is at ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z To patch the server I follow the following procedure: Download and gunzip patch file fp-patch-apache_1.3.22.Z apt-get source apache cd apache-1.3.26/upstream/tarballs tar xvzf apache_1.3.26.tar.gz cd apache_1.3.26 patch -p1 fp-patch-apache_1.3.22 cd apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. dpkg -i apache-common dpkg -i apache Best regards, George Karaolides
DSA 187-1 and FrontPage extensions
Hi all, I run a FrontPage-enabled apache server on Woody. I apply the 1.3.22 FrontPage patch which is claimed by rtr.com to work with versions 1.3.22, 1.3.24, 1.3.26 and 1.3.27 to the Debian Apache sources and then build Debian binary packages. I append the procedure I use to do this below. The server has been running OK so far. I have two questions: 1. The debs I build from the Debian apache source package come out with version number 1.3.26-0woody1 whereas the debs released to cover this vulnerability have version 1.3.26-0woody3. Why is this? Have the source packages not been updated? 2. (Related) Are the binary debs I build from the current debian 1.3.26 source package safe from this vulnerability? Does anyone have any input? Please copy me directly as I am not subscribed to the list. Debian Apache FrontPage Patch and Compile Procedure --- The patch is at ftp://ftp.rtr.com/pub/fp-patch-apache_1.3.22.Z To patch the server I follow the following procedure: Download and gunzip patch file fp-patch-apache_1.3.22.Z apt-get source apache cd apache-1.3.26/upstream/tarballs tar xvzf apache_1.3.26.tar.gz cd apache_1.3.26 patch -p1 fp-patch-apache_1.3.22 cd apache-1.3.26 dpkg-buildpackage -rfakeroot -b cd .. dpkg -i apache-common dpkg -i apache Best regards, George Karaolides -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]