Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-26 Thread Vincent Lefevre
On 2012-04-24 16:57:52 +, Camaleón wrote: > On Tue, 24 Apr 2012 18:19:11 +0200, Vincent Lefevre wrote: > > This is just a workaround. The real problem hasn't been fixed. And this > > means that it is no longer possible to read arbitrary documentation from > > doc directories easily. > > I'm st

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-24 Thread Camaleón
On Tue, 24 Apr 2012 18:19:11 +0200, Vincent Lefevre wrote: > On 2012-04-24 15:48:38 +, Camaleón wrote: >> On Tue, 24 Apr 2012 17:06:27 +0200, Vincent Lefevre wrote: >> > You assume that there is just a user Apache configuration for each >> > virtual host. This is not the case. If a site decide

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-24 Thread Vincent Lefevre
On 2012-04-24 15:48:38 +, Camaleón wrote: > On Tue, 24 Apr 2012 17:06:27 +0200, Vincent Lefevre wrote: > > You assume that there is just a user Apache configuration for each > > virtual host. This is not the case. If a site decides to make script > > contents available (as text), but then a glo

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-24 Thread Camaleón
On Tue, 24 Apr 2012 17:06:27 +0200, Vincent Lefevre wrote: > On 2012-04-23 15:06:44 +, Camaleón wrote: >> On Mon, 23 Apr 2012 12:51:58 +0200, Vincent Lefevre wrote: >> >> > On 2012-04-20 14:37:11 +, Camaleón wrote: >> >> >> The user is the admin of his/her site and so the ultimate respos

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-24 Thread Vincent Lefevre
On 2012-04-23 15:06:44 +, Camaleón wrote: > On Mon, 23 Apr 2012 12:51:58 +0200, Vincent Lefevre wrote: > > > On 2012-04-20 14:37:11 +, Camaleón wrote: > > >> The user is the admin of his/her site and so the ultimate responsible > >> for his/her site security. > > > > What do you mean by s

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-23 Thread Camaleón
On Mon, 23 Apr 2012 12:51:58 +0200, Vincent Lefevre wrote: > On 2012-04-20 14:37:11 +, Camaleón wrote: >> The user is the admin of his/her site and so the ultimate responsible >> for his/her site security. > > What do you mean by site security? AFAIK, the problem is a *host* > security proble

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-23 Thread Vincent Lefevre
On 2012-04-20 14:37:11 +, Camaleón wrote: > On Fri, 20 Apr 2012 01:50:29 +0200, Vincent Lefevre wrote: > > On 2012-04-19 15:08:55 +, Camaleón wrote: > >> >> I can be wrong but the bug seems aimed to correct the package which > >> >> contains the file that enables the alias by default, hence

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-20 Thread Camaleón
On Fri, 20 Apr 2012 01:50:29 +0200, Vincent Lefevre wrote: > On 2012-04-19 15:08:55 +, Camaleón wrote: >> >> I can be wrong but the bug seems aimed to correct the package which >> >> contains the file that enables the alias by default, hence the >> >> apache2 package. >> > >> > But the user

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-19 Thread Vincent Lefevre
On 2012-04-19 15:08:55 +, Camaleón wrote: > On Wed, 18 Apr 2012 18:24:34 +0200, Vincent Lefevre wrote: > > On 2012-04-17 15:39:48 +, Camaleón wrote: > >> On Mon, 16 Apr 2012 14:25:17 +0200, Vincent Lefevre wrote: > >> > IMHO, the real bug is in mod_php or mod_rivet, that shouldn't be > >> >

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-19 Thread Camaleón
On Wed, 18 Apr 2012 18:24:34 +0200, Vincent Lefevre wrote: > On 2012-04-17 15:39:48 +, Camaleón wrote: >> On Mon, 16 Apr 2012 14:25:17 +0200, Vincent Lefevre wrote: >> > IMHO, the real bug is in mod_php or mod_rivet, that shouldn't be >> > active (at least concerning the scripting features) by

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-18 Thread Vincent Lefevre
On 2012-04-17 15:39:48 +, Camaleón wrote: > On Mon, 16 Apr 2012 14:25:17 +0200, Vincent Lefevre wrote: > > IMHO, the real bug is in mod_php or mod_rivet, that shouldn't be active > > (at least concerning the scripting features) by default unless this is > > explicitly told with some "Options" f

Re: about DSA-2452-1 apache2 -- insecure default configuration

2012-04-17 Thread Camaleón
On Mon, 16 Apr 2012 14:25:17 +0200, Vincent Lefevre wrote: > There has been the following change in apache2: > > apache2 (2.2.22-4) unstable; urgency=high > > * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default > virtual (...) > More information on: > > http://www.debia