On Monday 26 September 2011, Adam D. Barratt wrote:
> On Mon, 2011-09-26 at 00:34 +0200, Stefan Fritsch wrote:
> > Please review apache2/2.2.16-6+squeeze4 for inclusion in s-p-u.
> > It fixes a minor DoS issue, some bugs in the init script and
> > adds some docs.
> 
> Thanks for this.  A couple of queries:
> 
> >    * Fix CVE-2011-3348: Possible denial of service in mod_proxy_ajp
> >      if combined with mod_proxy_balancer.
> 
> As far as I can tell from the upload history and the security
> tracker, this is still unfixed in unstable - is that correct?

Yes. It's included in upstream 2.2.21 which I will upload to unstable 
shortly. So, the patch has already seen some use and is unlikely to 
introduce regressions.

> 
> >    * Tweak patch header to fix "dpatch unapply" with unstable's
> >    patch/dpatch.
> 
> Does the result still work with squeeze's tools?

Good question. Yes, I have just tried it.

Cheers,
Stefan


