Bug#380302: libapache-mod-perl: args() can return an odd number of elements

2006-07-28 Thread Frederic Briere
Package: libapache-mod-perl Version: 1.29.0.4-2 Severity: normal args() currently does no checking on its naive split, so it can return an odd number of elements in list context, which triggers a warning when assigned to a hash. (My logs are full of these due to the onslaught of "/scripts/..%255c

Bug#380299: libapache-mod-perl: unescape_url_info('') returns undef

2006-07-28 Thread Frederic Briere
Package: libapache-mod-perl Version: 1.29.0.4-2 Severity: normal Shouldn't unescape_url_info('') return '' instead of undef? Here's a quick patch to that effect. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i6

Bug#380298: libapache-mod-perl: unescape_url() croaks on constant value

2006-07-28 Thread Frederic Briere
Package: libapache-mod-perl Version: 1.29.0.4-2 Severity: normal You're probably aware of this, but running unescape_url on a constant value yields a "Modification of a read-only value attempted" error message. Although it may seem unlikely at first, this is the kind of stuff that happens when de

Bug#380296: libapache-mod-perl: Apache::Util functions are unavailable outside of requests

2006-07-28 Thread Frederic Briere
Package: libapache-mod-perl Version: 1.29.0.4-2 Severity: normal $ perl -MApache::Util -le 'print Apache::Util::ht_time(time)' Undefined subroutine &Apache::Util::ht_time called at -e line 1. This happens for all of Apache::Util's functions, which appear to be unavailable via Apache as well: $ p

Bug#380231: [CVE-2006-3747] Off-by-one flaw exists in the Rewrite module, mod_rewrite

2006-07-28 Thread Steve Kemp
On Fri, Jul 28, 2006 at 05:06:38PM +0200, Daniel Leidert wrote: > The latest release notes [1] of apache 1.3.37, 2.0.59 and 2.2.3 contains a > note, about an off-by-one flaw (CVE-2006-3747 [2]). > > [1] http://www.apache.org/dist/httpd/Announcement2.2.html > [2] http://cve.mitre.org/cgi-bin/cvena

Bug#380231: [CVE-2006-3747] Off-by-one flaw exists in the Rewrite module, mod_rewrite

2006-07-28 Thread Daniel Leidert
Package: apache Version: 1.3.34-2 Severity: grave Tags: security The latest release notes [1] of apache 1.3.37, 2.0.59 and 2.2.3 contains a note, about an off-by-one flaw (CVE-2006-3747 [2]). [1] http://www.apache.org/dist/httpd/Announcement2.2.html

Bug#380182: Confirmed

2006-07-28 Thread Steve Kemp
A security advisory is pending. This bug applies to both the apache and apache2 packages. Same fix in both packages, but in different locations... Steve

Processed: reassign 380134 to libapache2-mod-auth-pam

2006-07-28 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.9.10 > reassign 380134 libapache2-mod-auth-pam Bug#380134: Apache2 pam misconfiguration? Bug reassigned from package `apache2-common' to `libapache2-mod-auth-pam'. > End of message, stoppin

Bug#334824: logrotate: Postrotate documentation - Why restart?

2006-07-28 Thread Adrian Bridgett
Just noticed this myself. Interestingly the apache docs (which you would hope are the definitive source of what to do say this): http://httpd.apache.org/docs/2.0/logs.html By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending conne

Bug#380182: CVE-2006-3747: off-by-one security problem in mod_rewrite

2006-07-28 Thread sf
package: apache2 version: 2.0.55-4 severity: grave tags: security patch SECURITY: CVE-2006-3747 mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee. patch is