On 04/06/2013 04:50 PM, Alberto Gonzalez Iniesta wrote:
> On Sat, Apr 06, 2013 at 02:43:39PM +0800, Thomas Goirand wrote:
>> Hi,
>>
>> I installed mod_security with the patch I backported, made sure the
>> module was loaded by Apache, and tested to query "http://localhost",
>> then I could see the "It works!" default Debian Apache page.
>>
>> So, I'd say: so far so good, Apache doesn't crash.
>>
>> Salvatore, could you tell how you find out about this CVE, and are you
>> sure that the commit you linked is fixing the problem (which I do not
>> understand fully...)? If you confirm that you are sure it fixes the CVE,
>> then I believe I could NMU the fixed package in the delayed queue.
>
> Hi Thomas and Salvatore,
>
> Thanks for the heads-up. Strangely I didn't get the first mail (the bug
> report), but luckily got Thomas' mails. I'll check this ASAP and make an
> upload accordingly.
>
>
> Cheers,
>
> Alberto

Cool. I just thought I could help, since I knew a bit about Apache module
programming. I hope my patch will help to have this RC solved faster, so we
can think about something else for the release.

Cheers,

Thomas