-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.6 Date: Sat, 26 Oct 2002 11:18:13 +0200 Source: apache-ssl Binary: apache-ssl Architecture: m68k Version: 1.3.9.13-4.2 Distribution: oldstable-security Urgency: high Maintainer: Debian/m68k Build Daemon Description: apache-ssl - Versatile, high-performance HTTP server with SSL support Changes: apache-ssl (1.3.9.13-4.2) oldstable-security; urgency=high . * Non-maintainer upload by the Security Team * Backport security fixes from 1.3.27 for the following issues: - CAN-2002-0839 (shared memory scoreboard uid/gid) - CAN-2002-0840 (cross-site scripting in error page) - CAN-2002-0843 (buffer overflows in ApacheBench ab.c) * Fix insecure temporary file creation in htpasswd and htdigest * Added another fix against two overflowed buffer in the htdigest program * Backported security patch from 1.3.13 that fixes a bug in mod_rewrite that enables an attacker to be able to access any file on the web server. Files: 2ea46b30e0c7c0d1925736b823a6b4a3 396318 non-us/main optional apache-ssl_1.3.9.13-4.2_m68k.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9usc0W5ql+IAeqTIRAkDXAKCZ4lg4LplJHrMoRB5T5p4zmcdw7ACgsvjz FvU+RsiXp41cJOJ2eRjOmNM= =fvGo -----END PGP SIGNATURE-----