On Sat, Apr 06, 2013 at 02:43:39PM +0800, Thomas Goirand wrote: > Hi, > > I installed mod_security with the patch I backported, made sure the > module was loaded by Apache, and tested to query "http://localhost";, > then I could see the "It works!" default Debian Apache page. > > So, I'd say: so far so good, Apache doesn't crash. > > Salvatore, could you tell how you find out about this CVE, and are you > sure that the commit you linked is fixing the problem (which I do not > understand fully...)? If you confirm that you are sure it fixes the CVE, > then I believe I could NMU the fixed package in the delayed queue.
Hi Thomas and Salvatore, Thanks for the heads-up. Strangely I didn't get the first mail (the bug report), but luckily got Thomas' mails. I'll check this ASAP and make an upload accordingly. Cheers, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
