subject:"\[SECURITY\] \[DSA 594\-1\] New Apache packages fix arbitrary code execution"

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-12-03 Thread Stephen Gran

This one time, at band camp, Adam Morley said: > Hi security and Steve, > > I thought so too. Then I upgraded a box with apache (not apache-ssl) > and apache got ugpraded. . .but I found: > > http://lists.debian.org/debian-security/2004/11/msg00095.html > > So I know the things he lists as vuln

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-12-03 Thread Adam Morley

Hi security and Steve, I thought so too. Then I upgraded a box with apache (not apache-ssl) and apache got ugpraded. . .but I found: http://lists.debian.org/debian-security/2004/11/msg00095.html So I know the things he lists as vulnerable are indeed in apache-common (dpkg -x'd the package), b

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-11-18 Thread Bernd Eckenfels

In article <[EMAIL PROTECTED]> you wrote: > If I'm not mistaken the vulnerabilities existed in two files found in > apache-common. Does anybody know why the Vuln is classified as a remote exploit? Arent SSI tags dependend on local modifications? Or are there tags which can be remote exploited, if

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-11-18 Thread Lupe Christoph

Quoting Steve Suehring <[EMAIL PROTECTED]>: > If I'm not mistaken the vulnerabilities existed in two files found in > apache-common. Since apache-common is a prerequisite for apache-ssl, > updating apache-common should correct the vulnerability. I could be > wrong and I'm sure someone will corre

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread Steve Suehring

If I'm not mistaken the vulnerabilities existed in two files found in apache-common. Since apache-common is a prerequisite for apache-ssl, updating apache-common should correct the vulnerability. I could be wrong and I'm sure someone will correct me if I am. :) Steve On Wed, Nov 17, 2004, Ada

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread Adam Morley

On Wed, Nov 17, 2004 at 01:05:54PM +0100, Martin Schulze wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - -- > Debian Security Advisory DSA 594-1 [EMAIL PROTECTED] > http://www.debian.org/secu

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread Lupe Christoph

Quoting [EMAIL PROTECTED]: > Nur zu Info - und um anzumerken dass uns das nicht betrifft. Ich moechte noch anmerken, dass uns die Mail auch nicht betrifft :-P Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "... putting a mail server on the Internet wit

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread rm

Nur zu Info - und um anzumerken dass uns das nicht betrifft. Gruss RalfD On Wed, Nov 17, 2004 at 01:05:54PM +0100, Martin Schulze wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > - -- > Debian Security Advisory

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

8 matches

Site Navigation

Mail list logo

Footer information