tags 524474 - security severity 524474 important thanks On Sunday 03 May 2009, John Lightsey wrote: > This shouldn't be tagged as a grave security issue. The symlink > tests in Apache are trivial to overcome with timing attacks and the > Apache documentation explicitly states that the symlink tests > should not be considered a security restriction.
I agree. Especially considering that all 2.0.x and 2.2.x behaved in this way. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
