subject:"\[SECURITY\] \[DSA\-594\-1\] New Apache packages fix arbitrary code execution"

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-12-03 Thread Adam Morley

Hi security and Steve, I thought so too. Then I upgraded a box with apache (not apache-ssl) and apache got ugpraded. . .but I found: http://lists.debian.org/debian-security/2004/11/msg00095.html So I know the things he lists as vulnerable are indeed in apache-common (dpkg -x'd the package),

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-12-03 Thread Stephen Gran

This one time, at band camp, Adam Morley said: Hi security and Steve, I thought so too. Then I upgraded a box with apache (not apache-ssl) and apache got ugpraded. . .but I found: http://lists.debian.org/debian-security/2004/11/msg00095.html So I know the things he lists as vulnerable

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-11-18 Thread Lupe Christoph

Quoting Steve Suehring [EMAIL PROTECTED]: If I'm not mistaken the vulnerabilities existed in two files found in apache-common. Since apache-common is a prerequisite for apache-ssl, updating apache-common should correct the vulnerability. I could be wrong and I'm sure someone will correct me

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-11-18 Thread Bernd Eckenfels

In article [EMAIL PROTECTED] you wrote: If I'm not mistaken the vulnerabilities existed in two files found in apache-common. Does anybody know why the Vuln is classified as a remote exploit? Arent SSI tags dependend on local modifications? Or are there tags which can be remote exploited, if

[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread Martin Schulze

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 594-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze November 17th, 2004

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread rm

Nur zu Info - und um anzumerken dass uns das nicht betrifft. Gruss RalfD On Wed, Nov 17, 2004 at 01:05:54PM +0100, Martin Schulze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread Lupe Christoph

Quoting [EMAIL PROTECTED]: Nur zu Info - und um anzumerken dass uns das nicht betrifft. Ich moechte noch anmerken, dass uns die Mail auch nicht betrifft :-P Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | ... putting a mail server on the Internet

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

2004-11-17 Thread Steve Suehring

If I'm not mistaken the vulnerabilities existed in two files found in apache-common. Since apache-common is a prerequisite for apache-ssl, updating apache-common should correct the vulnerability. I could be wrong and I'm sure someone will correct me if I am. :) Steve On Wed, Nov 17, 2004,

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

8 matches

Site Navigation

Mail list logo

Footer information