Package: apache2
Severity: grave
Justification: user security hole

Seems to me that Debian (sarge or etch or even sid) apache packages are
not yet patched against

  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465

Seems to me that the obvious workarounds of turning Indexes off or
having an index.html everywhere protect just fine; and wonder why
Apache does not say so.

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
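
An added example, not part of the original report and not Debian or Apache code: a Python check for the two workarounds named above, listing Options directives that enable Indexes and directories under a document root that have no index file. It assumes index.html is the only DirectoryIndex name; the function names and the sample configuration are constructed for illustration.

```python
import os
import re

# Assumption: index.html is the only DirectoryIndex name configured.
INDEX_NAMES = ("index.html",)

_OPTIONS_RE = re.compile(r"^\s*Options\s+(.*)$", re.IGNORECASE)


def options_enabling_indexes(config_text):
    """Return (line_number, line) for each Options directive that turns Indexes on."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = _OPTIONS_RE.match(line)
        if not match:
            continue  # not an Options directive (comments never match)
        tokens = [t.lower() for t in match.group(1).split()]
        # "Indexes" and "+Indexes" enable listings; "All" includes Indexes.
        if any(t in ("indexes", "+indexes", "all") for t in tokens):
            hits.append((number, line.strip()))
    return hits


def dirs_without_index(docroot, index_names=INDEX_NAMES):
    """Return docroot-relative directories that contain none of index_names."""
    missing = []
    for current, _subdirs, files in os.walk(docroot):
        if not any(name in files for name in index_names):
            missing.append(os.path.relpath(current, docroot))
    return sorted(missing)


# Constructed sample configuration, not taken from any Debian package.
SAMPLE_CONFIG = """\
<Directory /var/www/>
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/private/>
    Options -Indexes
</Directory>
"""

if __name__ == "__main__":
    for number, line in options_enabling_indexes(SAMPLE_CONFIG):
        print(f"config line {number}: {line}")
```

A directory reported by dirs_without_index only produces a listing if Indexes is in effect for it, so the two results are meant to be read together.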


