Control: tags -1 + squeeze confirmed On Sun, 2012-09-09 at 23:23 +0200, Stefan Fritsch wrote: > Please review apache2_2.2.16-6+squeeze8 for inclusion in squeeze. It fixes > a minor security issue and some important bugs: > > * CVE-2012-2687: mod_negotiation: Escape filenames in variant list to > prevent a possible XSS vulnerability for a site where untrusted users > can upload files to a location with MultiViews enabled. > * Send 408 status instead of 400 if reading of a request fails with a > timeout. This allows browsers to retry. Closes: #677086 > * mod_cache: Prevent Partial Content responses from being cached and served > as normal response. Closes: #671204 > * mpm_itk: Fix an issue where users can sometimes get spurious 403s on > persistent connections. Closes: #672333
Assuming that the resulting package has been tested on a squeeze system, please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
