Hi list,

Do you know about the Apache security issue?

The Apache 1.3.29 release announcement is here.
http://www.apache.org/dist/httpd/Announcement.txt

This Apache 1.3 release includes a security fix.

> Apache 1.3.29 Major changes
>
> Security vulnerabilities
>
> * CAN-2003-0542 (cve.mitre.org)
> Fix buffer overflows in mod_alias and mod_rewrite which occurred if
> one configured a regular expression with more than 9 captures.

The Apache 2.0.48 release announcement is here.
http://www.apache.org/dist/httpd/Announcement2.txt

Apache 2.0.48 also includes security fixes.

> Apache 2.0.48 Major changes
>
> Security vulnerabilities closed since Apache 2.0.47
>
> *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
> the AF_UNIX socket used to communicate with the cgid daemon and
> the CGI script. [Jeff Trawick]
>
> *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
> mod_rewrite which occurred if one configured a regular expression
> with more than 9 captures. [Andre' Malo]

I want to know how this is going in Debian. I cannot find any posts in the BTS or the debian-apache lists.

# And when I posted the Apache 2.0.47 release announcement with the vulnerability issue to the BTS, the maintainer said "Kindly don't submit "new version" bugs with in about 10 minutes of the release. It's childish and unhelpful."
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=200593&archive=yes
So I don't want to post it to the BTS...

--
Regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp