Re: apache and CAN-2003-0020
Geoff Crompton wrote: CAN-2003-0020 is a vulnerability in apache that mentions how apache allows escape sequences into the error logs, which might exploit a terminal program viewing them. More detail is at http://www.securityfocus.com/bid/9930. The securityfocus page lists Debian as being vulnerable, and I can't find a DSA that corresponds to CAN-2003-0020. Does anyone know if Debian is vulnerable or fixed? CAN-2003-0020 - apache2 2.0.49 - apache 1.3.29.0.2-4 Above are the versions that contained the fixes, for unstable/testing. -- see shy jo signature.asc Description: Digital signature
apache and CAN-2003-0020
CAN-2003-0020 is a vulnerability in apache that mentions how apache allows escape sequences into the error logs, which might exploit a terminal program viewing them. More detail is at http://www.securityfocus.com/bid/9930. The securityfocus page lists Debian as being vulnerable, and I can't find a DSA that corresponds to CAN-2003-0020. Does anyone know if Debian is vulnerable or fixed? -- Geoff Crompton Debian System Administrator Strategic Data +61 3 9340 9000 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache and CAN-2003-0020
Geoff Crompton a écrit : I can't find a DSA that corresponds to CAN-2003-0020. Woody isnt affected[1] : CAN-2003-0020: Apache: Missing filter for terminal escape sequences from error logs Ch. [1] Non-Vulnerability Security Information for woody http://www.nl.debian.org/security/nonvulns-woody
