FWIW: I've just tried to install, reinstall and upgrade apache-ssl
inside a sarge chroot environment and the package didn't show problem.
So maybe this bug is indeed due to the many virtual hosts.
Michael should debug the postinst script, e.g. by executing it
with sh -x or by creative glancing
Martin Schulze wrote:
Adam Conrad wrote:
Martin Schulze wrote:
Are you aware of this:
http://www.lucaercoli.it/advs/htdigest.txt
http://www.securiteam.com/unixfocus/5EP061FEKC.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1344
We are now. :) Do you have
Adam Conrad wrote:
Martin Schulze wrote:
Are you aware of this:
http://www.lucaercoli.it/advs/htdigest.txt
http://www.securiteam.com/unixfocus/5EP061FEKC.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1344
We are now. :) Do you have a patch, or should I fix it myself
Alexis Sukrieh wrote:
I'm the maintainer of an unofficial Debian package named
apache-lingerd[1].
Lingerd is a patch for apache that enables a better handling of dynamic
pages serving.
The package works fine and a couple of users reported me that they
use it on production servers.
Martin Pitt wrote:
Martin Schulze [2004-11-01 20:18 +0100]:
Thanks a lot. There's another update in the work that fixes problem
with htpasswd. I'm attaching the patch. I haven't received a CVE Id
so will forward it when it is there.
For sid please let me know which version of Apache
Martin Pitt wrote:
Hi Joey!
Martin Schulze [2004-11-01 20:18 +0100]:
Thanks a lot. There's another update in the work that fixes problem
with htpasswd. I'm attaching the patch. I haven't received a CVE Id
so will forward it when it is there.
For sid please let me know which
Package: apache2
Version: 2.0.51-2
Severity: critical
Tags: security
A problem has been reported to exist in Apache after upgrading to 2.0.51
which results in being able to access web pages one shouldn't be able to
access, i.e. bypassing the authentication method.
Here's a fix
Please take care of this issue. This seems to affect the version in
sid as well. Please mention the CAN from in the changelog when you
prepare an update.
Mark J Cox wrote:
A number of users have reported that after upgrading to 2.0.51 their
password protected pages have been served without
8 matches
Mail list logo