On 2007-03-02 00:33:56, Moritz Muehlenhoff wrote:
> Indeed, I'm quite disappointed about apache 1.3 still being in Etch.
> Debian is the _only_ distribution still shipping it; the maintainers
> couldn't provide _any_ valid reason to still include it (like an important
> module not ported to 2.x)
Joey Hess wrote:
> On the third hand, this bug has documented a security hole with exploit
> in apache for about 2 weeks without any reaction from its maintainers,
> and was open for many months before that without any reaction from them.
> If apache isn't being maintained, it might be better to dr
On Wednesday, 28.02.2007, at 19:45 -0800, Russ Allbery wrote:
> Daniel Leidert <[EMAIL PROTECTED]> writes:
>
> > Package: apache
> > Followup-For: Bug #357561
>
> > Why isn't anybody of the official maintainers reacting or commenting on
> > this bug? There are 3(!) completely undocumented downgr
The description given is somewhat incorrect. The escalation exists
whether run with -F or not. 033_-F_NOSETSID disables running setsid in
all cases. This means that running /etc/init.d/apache start and then not
closing the terminal (and people do have long-running shells like this)
leaves you vuln
On Thu, Mar 01, 2007 at 06:14:41PM +1100, Adam Conrad wrote:
> Joey Hess wrote:
> >
> > On the third hand, this bug has documented a security hole with exploit
> > in apache for about 2 weeks without any reaction from its maintainers,
> > and was open for many months before that without any reacti
Joey Hess wrote:
>
> On the third hand, this bug has documented a security hole with exploit
> in apache for about 2 weeks without any reaction from its maintainers,
> and was open for many months before that without any reaction from them.
> If apache isn't being maintained, it might be better to
On Wed, Feb 28, 2007 at 07:45:28PM -0800, Russ Allbery wrote:
> I certainly agree that it would be good to fix the bug, but I also can see
> why the severity was downgraded.
I think Russ explained pretty nicely why this escalation is pretty rare
from being a true vulnerability, although there inde
Daniel Leidert wrote:
> Why isn't anybody of the official maintainers reacting or commenting on
> this bug? There are 3(!) completely undocumented downgrades of a bug,
# holes depending on terminal exploits have not been treated as RC
I suspect that the above downgrade message from vorlon is the
Daniel Leidert <[EMAIL PROTECTED]> writes:
> Package: apache
> Followup-For: Bug #357561
> Why isn't anybody of the official maintainers reacting or commenting on
> this bug? There are 3(!) completely undocumented downgrades of a bug,
> that IMHO (from reading) fits the "grave" severity.
The dow
Package: apache
Followup-For: Bug #357561
Why isn't anybody of the official maintainers reacting or commenting on
this bug? There are 3(!) completely undocumented downgrades of a bug,
that IMHO (from reading) fits the "grave" severity. Please react or