Bug#315957: Info

2005-09-09 Thread Martin Schulze
FWIW: I've just tried to install, reinstall and upgrade apache-ssl inside a sarge chroot environment and the package didn't show a problem. So maybe this bug is indeed due to the many virtual hosts. Michael should debug the postinst script, e.g. by executing it with sh -x or by creative glancing

Re: CAN-2005-1344: Buffer overflow in htdigest

2005-07-17 Thread Martin Schulze
Martin Schulze wrote: Adam Conrad wrote: Martin Schulze wrote: Are you aware of this: http://www.lucaercoli.it/advs/htdigest.txt http://www.securiteam.com/unixfocus/5EP061FEKC.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1344 We are now. :) Do you have

Re: CAN-2005-1344: Buffer overflow in htdigest

2005-04-29 Thread Martin Schulze
Adam Conrad wrote: Martin Schulze wrote: Are you aware of this: http://www.lucaercoli.it/advs/htdigest.txt http://www.securiteam.com/unixfocus/5EP061FEKC.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1344 We are now. :) Do you have a patch, or should I fix it myself

Re: Discussing Lingerd's security history

2005-02-09 Thread Martin Schulze
Alexis Sukrieh wrote: I'm the maintainer of an unofficial Debian package named apache-lingerd[1]. Lingerd is a patch for apache that enables a better handling of dynamic pages serving. The package works fine and a couple of users reported me that they use it on production servers.

Re: Patch for fixing CAN-2004-0940 in apache 1.3, update

2004-11-04 Thread Martin Schulze
Martin Pitt wrote: Martin Schulze [2004-11-01 20:18 +0100]: Thanks a lot. There's another update in the works that fixes a problem with htpasswd. I'm attaching the patch. I haven't received a CVE Id so will forward it when it is there. For sid please let me know which version of Apache

Re: Patch for fixing CAN-2004-0940 in apache 1.3, update

2004-11-03 Thread Martin Schulze
Martin Pitt wrote: Hi Joey! Martin Schulze [2004-11-01 20:18 +0100]: Thanks a lot. There's another update in the works that fixes a problem with htpasswd. I'm attaching the patch. I haven't received a CVE Id so will forward it when it is there. For sid please let me know which

Bug#273412: CAN-2004-0811: Apache 2.0.51 authentication bypass

2004-09-25 Thread Martin Schulze
Package: apache2 Version: 2.0.51-2 Severity: critical Tags: security A problem has been reported to exist in Apache after upgrading to 2.0.51 which results in being able to access web pages one shouldn't be able to access, i.e. bypassing the authentication method. Here's a fix

Re: CAN-2004-0811: Apache 2.0.51 authentication bypass

2004-09-23 Thread Martin Schulze
Please take care of this issue. This seems to affect the version in sid as well. Please mention the CAN from in the changelog when you prepare an update. Mark J Cox wrote: A number of users have reported that after upgrading to 2.0.51 their password protected pages have been served without