Package: apache2
Version: 2.2.16-6+squeeze6
It seems that log rotation fails after a package update (including a
security update), until the machine is rebooted. Apache keeps logging
to the .log.1 file after rotation; it does not switch to the new .log
file.
I do not fully understand this issue
* Anthony Mendez:
I also tried enabling mod_rewrite and using that method to disable
HTTP Trace and that did not work either. The only software we are
running on this server is WeBWork, an online math homework
system. More information about WeBWork is available at
* Marc Haber:
On Wed, Oct 31, 2007 at 05:13:00PM +0100, Stefan Fritsch wrote:
htpasswd is missing a feature there to get the password from a file
descriptor.
Or from a pipe. This is an upstream issue, can you pass it onwards?
The environment is private on Linux, too, but this is not
* Kjetil Kjernsmo:
If I have a PerlRun script, e.g., http://localhost/test/script, and
call it using a URL with special symbols like '(' in path_info,
PerlRun fails with server error. For example, calling
http://localhost/test/script/(
produces this error:
[Thu Mar 22 10:24:57 2007]
* Christoph Biedl:
This would result in a lot of bug reports against the according scripts.
But this is the way to go, I'm afraid. Or something could be
implemented at the PHP level, I guess. If it's only possible to get a
conforming 304 reply by stripping the trailing newline from the .php
Reloading Apache 1.3 did not apply all configuration changes in all
cases. Has this changed in version 2? If not, it's necessary to
restart the server (probably using apachectl graceful, but still).
--
Florian Weimer[EMAIL PROTECTED]
BFK edv-consulting GmbH http
* Stephen Gran:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
Uhm, hasn't this been fixed in apache 1.3.34-2 (bug #343466) and
apache2 2.0.55-4 (bug #343467)?
Package: apache
Tags: security upstream
Severity: important
Upstream reports a cross-site scripting issue in Apache:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37874
Impact does not seem to be substantial (rather obscure module,
specific configuration required, only clients running IE
Package: apache2
Tags: security upstream
Severity: important
Upstream reports a cross-site scripting issue in Apache:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37874
Impact does not seem to be substantial (rather obscure module,
specific configuration required, only clients running IE
Package: apache
Severity: normal
mod_usertrack generates non-random cookies (see the source code and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1534). I don't
think that this is a real security issue because mod_usertrack only uses
the cookies for invading user privacy, not for
* Olaf van der Spek:
Instead of just an easy way to enable SSL/TLS, I'd like to see it
enabled by default. :)
This would be a questionable change because it unnecessarily exposes
more program code to potential attacks.
Package: libapr0
Version: 2.0.50-12
Severity: grave
Tags: security
Justification: user security hole
Uniras has reported a vulnerability in apr-util:
http://www.uniras.gov.uk/vuls/2004/403518/index.htm
The identified vulnerability is in the apr-util library; the
apr_uri_parse function in the
Joey Hess wrote:
- Any others?
In the default configuration, web servers shall bind to localhost only
(okay, that's a more general policy issue affecting all network
services).