+1 on Fedora 34
On 2021/10/07 13:17:36, "ste...@eissing.org" wrote:
> Hi all,
>
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we
.
Issues:
https://github.com/iamamoose/Vulnogram/issues
ASF changes from the upstream Vulnogram code:
https://github.com/Vulnogram/Vulnogram/compare/master...iamamoose:asfmaster
Regards, Mark J Cox
ASF Security
On Thu, Sep 16, 2021 at 4:57 PM Ruediger Pluem wrote:
>
>
> On 9/16/21 3:16
> > This roughly reverts the httpd process to what we used prior to adopting
> > the Tomcat-esque policy for the whole ASF. We would have to document
> > this and possibly need it approved by the ASF security team.
>
> Not sure if we need to have it approved, but at least we should discuss
For reference, Mitre assigned:
CVE-2007-1741 - Path Checking Race Condition Vulnerability
CVE-2007-1742 - Path Checking Design Error Vulnerability
CVE-2007-1743 - Arbitrary GID Input Validation Vulnerability
We can supply statements to Mitre for any we dispute.
Mark
--
Mark J Cox | www.awe.com
that as an DISPUTED to CVE
But the original reporter disagrees:
http://marc.theaimsgroup.com/?l=bugtraq&m=115583509231594&w=2
I think the right response here is to make it more explicit in the
documentation that putting a ScriptAlias cgi-bin inside document root is
bad.
Mark
--
Mark J Cox | www.awe.com
There is nothing on the security page any more for 2.2, is there a bug
with the report you use to populate it?
Fixed
Cheers, Mark
This killed the list of vulnerabilities for all versions. Was this intended?
And if yes, where can they be found now?
Must be someone with bad java foo, fixing.
Mark
--
Mark J Cox | www.awe.com/mark
1.3 was UNAFFECTED
Yes, indeed it was me that insisted that this didn't affect 1.3, I'll
revert it :)
Cheers, Mark
We've a few security issues fixed recently that haven't made it out into
releases from the ASF, but have made it out into releases from the various
OS vendors. One issue is important severity, and public now for 10
days.
I don't watch this list much, are there other things holding up a
Do we have an incident number for this report as it pertains
to the Apache HTTP Server?
I'm obtaining a CVE name for this issue -- (as the issue is already public
it requires co-ordination with Mitre)
Cheers, Mark
I'm obtaining a CVE name for this issue -- (as the issue is already public
it requires co-ordination with Mitre)
CAN-2005-2088
Has anyone looked to make sure this doesn't apply to later 1.3 releases?
Cheers,
Mark
advisory on June 10th.
Mark
--
Mark J Cox ... www.awe.com/mark
Apache Software Foundation . OpenSSL Group . Apache Week editor
Index: src/CHANGES
===
RCS file: /home/cvs/apache-1.3/src
this issue. [Dirk-Willem van Gulik]
+
Use CAN-2003-0987 for this issue
Mark
--
Mark J Cox ... www.awe.com/mark
Apache Software Foundation . OpenSSL Group . Apache Week editor
with other changes in a new release ;)
Mark
--
Mark J Cox ... www.awe.com/mark
Apache Software Foundation . OpenSSL Group . Apache Week editor
-BEGIN PGP SIGNED MESSAGE-
For Immediate Disclosure
=== SUMMARY
Title: Apache 2.0 vulnerability affects non-Unix platforms
Date: 9th August 2002
Version: 1
Product Name: Apache web server 2.0
OS/Platform: Windows, OS2, Netware
Permanent URL: http://httpd.apache.org/info/security_bulletin_20020908a.txt
Hmmm, actually it really ought to be 20020809a.txt like the files I
committed, the text that went out was wrong due to too many us-uk
conversions ;). A cunning redirect rule in the server config would fix
it so
On Fri, 9 Aug 2002, Joshua Slive wrote:
[EMAIL PROTECTED] wrote:
Revision  Changes    Path
1.1 httpd-site/docs/info/security_bulletin_20020809a.txt
Permanent URL: http://httpd.apache.org/info/security_bulletin_20020908a.txt
I put in a symlink for now
- on Linux and NetWare I only get the data unformatted back, looks as
there are problems with the scoreboard.xsl or so. Any ideas what's
Yeah, Mozilla isn't very stable at doing the rendering. Most of the
problems you mention are due to the XSLT being done inside the browser.
I'm not real
I've written an Announcement file for 1.3.21 and will commit within the
hour (just got back from dentist)
Mark