perl-dev mailing list archives

From: Torsten Foertsch <torsten.foert...@gmx.net>
Subject: Re: Security Problems ???
Date: Wed, 01 Apr 2009 16:16:50 GMT

On Mon 23 Mar 2009, Philippe M. Chiasson wrote:
> > almost a month ago there was this posting on the users list
> >
> >   http://www.gossamer-threads.com/lists/modperl/modperl/99170#99170
> >
> > stating there was a security related bug in modperl.
> >
> > Since then there were no svn updates touching the code. I'd like to
> > know if my servers are secure. So, where can I get more information
> > about the bug to perhaps help to fix it?
> >
> > Who knows more about the bug, please issue a statement if it is a
> > bug or not. If it is but nobody has the resources to fix it, please
> > let me know (privately) what it is. If I can I'll do it then.
>
> AFAIK, the original submitter didn't follow up and explain what the
> potential security problem was. He was told to contact
> security@apache.org, but I haven't heard anything from them.

Just FYI, the bug is a simple cross site scripting thing in
Apache2::Status (and probably in mp1's Apache::Status as well).

The mp2 stuff is fixed by the enclosed patch as the original submitter 
has confirmed. I have committed it as revision 760926.

MP1 people, please check Apache::Status.

Apache2::Status users, please test.

Torsten

-- 
Need professional mod_perl support?
Just hire me: torsten.foertsch@gmx.net
