Debian Bug report logs - #34099
apache: restrict /usr/doc to localhost


Package: apache; Maintainer for apache is (unknown);

Reported by: <bhmit1@hobbes.resnet.wm.edu>

Date: Thu, 4 Mar 1999 17:03:00 UTC

Severity: wishlist

Found in version 1.3.3-7

Done: Johnie Ingram <johnie@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Johnie Ingram <johnie@debian.org>:
Bug#34099; Package apache. Full text and rfc822 format available.

Acknowledgement sent to <bhmit1@hobbes.resnet.wm.edu>:
New bug report received and forwarded. Copy sent to Johnie Ingram <johnie@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: <bhmit1@hobbes.resnet.wm.edu>
To: submit@bugs.debian.org
Subject: apache: restrict /usr/doc to localhost
Date: Thu, 4 Mar 1999 11:51:12 -0500
Package: apache
Version: 1.3.3-7
Severity: wishlist

The following addition to /etc/apache/access.conf will do it:
<Directory /usr/doc>
AllowOverride None
order deny,allow
deny from all
allow from localhost
</Directory>

Yes, it's a bit over-restrictive, but the fact that anyone can get a list 
of Debian packages installed on a system running a web server seems
like a bad idea to me.

(This is my first attempt at the bug program instead of regular email, 
 reply to:
 bmitch@atdot.org or bhmit1@mail.wm.edu)

-- System Information
Debian Release: 2.1
Kernel Version: Linux wm7-214.resnet.wm.edu 2.0.35 #3 Thu Jul 16 02:43:25 EDT 1998 i586 unknown

Versions of the packages apache depends on:
ii  libc6           2.0.7.19981211 GNU C Library: shared libraries
ii  libgdbmg1       1.7.3-25       GNU dbm database routines (runtime version).
ii  mime-support    3.5-1          MIME files 'mime.types' & 'mailcap', and sup
ii  perl            5.004.04-7     Larry Wall's Practical Extracting and Report
ii  apache-common   1.3.3-7        Support files for all Apache webservers
ii  apache-common   1.3.3-7        Support files for all Apache webservers
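
Added example (not part of the bug report or of the Debian apache package): a small Python evaluator for the Order/Allow/Deny rules used in the reported block, showing why all three lines are needed to limit /usr/doc to localhost. It assumes simplified host matching ("all" or an exact name), ignores inheritance from parent directories, and uses constructed variants of the block and a constructed remote address.

```python
import re

def parse_directory_blocks(conf_text):
    """Collect Order/Allow/Deny settings per <Directory> block (mod_access syntax)."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            path = opened.group(1).rstrip("/") or "/"
            # mod_access default when no Order line is given: deny,allow
            current = blocks.setdefault(path, {"order": "deny,allow", "allow": [], "deny": []})
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None:
            words = line.lower().split()
            if words[0] == "order" and len(words) > 1:
                current["order"] = words[1]
            elif words[0] in ("allow", "deny") and words[1:2] == ["from"]:
                current[words[0]].extend(words[2:])
    return blocks

def is_allowed(block, client):
    """Apply Order semantics; host matching is simplified to 'all' or an exact name."""
    allow_hit = "all" in block["allow"] or client.lower() in block["allow"]
    deny_hit = "all" in block["deny"] or client.lower() in block["deny"]
    if block["order"] == "allow,deny":
        return allow_hit and not deny_hit   # default deny, Deny wins
    return allow_hit or not deny_hit        # deny,allow: default allow, Allow wins

def reachable_by(conf_text, path, client):
    """True if `client` may read `path`; an unlisted path has no restriction here."""
    block = parse_directory_blocks(conf_text).get(path)
    return True if block is None else is_allowed(block, client)

REPORTED = """<Directory /usr/doc>
AllowOverride None
order deny,allow
deny from all
allow from localhost
</Directory>"""
# Constructed variants of the block above, showing two ways it can go wrong.
MISSING_DENY = REPORTED.replace("deny from all\n", "")
WRONG_ORDER = REPORTED.replace("order deny,allow", "order allow,deny")
REMOTE = "203.0.113.10"  # constructed documentation address

if __name__ == "__main__":
    for name, conf in [("reported", REPORTED), ("missing deny", MISSING_DENY), ("wrong order", WRONG_ORDER)]:
        print(name, "localhost:", reachable_by(conf, "/usr/doc", "localhost"),
              "remote:", reachable_by(conf, "/usr/doc", REMOTE))
```

With a host name such as localhost, Apache matches the client by DNS lookup rather than by the literal string compared here, so a deployed rule is often written against 127.0.0.1 instead. Apache 2.4 replaces these directives with `Require local`.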


Reply sent to Johnie Ingram <johnie@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to <bhmit1@hobbes.resnet.wm.edu>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 34099-close@bugs.debian.org (full text, mbox):

From: Johnie Ingram <johnie@debian.org>
To: 34099-close@bugs.debian.org
Subject: Bug#34099: fixed in apache 1.3.9-11
Date: 27 Feb 2000 06:55:59 -0000

We believe that the bug you reported is fixed in the latest version of
apache, which has been installed in the Debian FTP archive:
apache-common_1.3.9-11_i386.deb
  to dists/potato/main/binary-i386/web/apache-common_1.3.9-11.deb
  replacing apache-common_1.3.9-10.deb
apache-common_1.3.9-11_i386.deb
  to dists/woody/main/binary-i386/web/apache-common_1.3.9-11.deb
  replacing apache-common_1.3.9-10.deb
apache_1.3.9-11.dsc
  to dists/potato/main/source/web/apache_1.3.9-11.dsc
  replacing apache_1.3.9-10.dsc
apache_1.3.9-11.dsc
  to dists/woody/main/source/web/apache_1.3.9-11.dsc
  replacing apache_1.3.9-10.dsc
apache_1.3.9-11_i386.deb
  to dists/potato/main/binary-i386/web/apache_1.3.9-11.deb
  replacing apache_1.3.9-10.deb
apache_1.3.9-11_i386.deb
  to dists/woody/main/binary-i386/web/apache_1.3.9-11.deb
  replacing apache_1.3.9-10.deb
apache-doc_1.3.9-11_all.deb
  to dists/potato/main/binary-all/doc/apache-doc_1.3.9-11.deb
  replacing apache-doc_1.3.9-10.deb
apache-doc_1.3.9-11_all.deb
  to dists/woody/main/binary-all/doc/apache-doc_1.3.9-11.deb
  replacing apache-doc_1.3.9-10.deb
apache-dev_1.3.9-11_i386.deb
  to dists/potato/main/binary-i386/web/apache-dev_1.3.9-11.deb
  replacing apache-dev_1.3.9-10.deb
apache-dev_1.3.9-11_i386.deb
  to dists/woody/main/binary-i386/web/apache-dev_1.3.9-11.deb
  replacing apache-dev_1.3.9-10.deb
apache_1.3.9-11.diff.gz
  to dists/potato/main/source/web/apache_1.3.9-11.diff.gz
  replacing apache_1.3.9-10.diff.gz
apache_1.3.9-11.diff.gz
  to dists/woody/main/source/web/apache_1.3.9-11.diff.gz
  replacing apache_1.3.9-10.diff.gz

Note that this package is not part of the released stable Debian
distribution.  It may have dependencies on other unreleased software,
or other instabilities.  Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 34099@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Johnie Ingram <johnie@debian.org> (supplier of updated apache package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.6
Date: Sat, 26 Feb 2000 13:49:08 -0600
Source: apache
Binary: apache-doc apache-dev apache-common apache
Architecture: source i386 all
Version: 1.3.9-11
Distribution: frozen unstable
Urgency: low
Maintainer: Johnie Ingram <johnie@debian.org>
Description: 
 apache     - Versatile, high-performance HTTP server
 apache-common - Support files for all Apache webservers
 apache-dev - Apache webserver development kit
 apache-doc - Apache webserver docs
Closes: 34099 49113 49849 51732 52683 53498 55750 56862 57333 58134 58168 58732
Changes: 
 apache (1.3.9-11) frozen unstable; urgency=low
 .
   * Reversed openldap2 patch, potato uses v1; closes: #49849, #58168.
   * Added debhelper tag to apache-common postinst, so doc symlink
     management works.
   * Added info file for mod_auth_mysql, closes: #56862.
   * Updated version of mod_throttle, closes: #52683.
   * Fixed example logfile locations in httpd.conf, closes: #49113.
   * Removed info files for modules not included in apache-common, closes:
     #55750, #58732.
   * Default srm.conf AddLanguage corrected from .jp to .ja, closes: #58134.
   * Added sharutils to Build-Depends (due to uudecode in rules).
   * Removed AuthAuthoritative from mod_auth_sys info (it duplicates
     command in mod_auth), closes #45708.
   * Cron script reloads apache with a -HUP, if possible, instead of using
     apachectl which may have undesired side effects, closes: #57333.
   * Disabled phf.apache.org error in default access.conf, closes: #51732.
   * Group for new /var/www directory changed from www-data to root,
     closes: #53498.
   * Default srm.conf restricts /doc/ to localhost, closes: #34099.
Files: 
 e161557cbece26b3b0116151b5e2e8c8 756 web optional apache_1.3.9-11.dsc
 ab8f64c2304193b0b9a4b34f290e04b4 314939 web optional apache_1.3.9-11.diff.gz
 0f9001a86b9ab1971234c86528aec694 540966 doc optional apache-doc_1.3.9-11_all.deb
 7f5f71abbf4a1b4899bb6c5e9feda616 356200 web optional apache_1.3.9-11_i386.deb
 73a048deced19b83455025791ec4b76a 544708 web extra apache-dev_1.3.9-11_i386.deb
 82ff3c7078e622ba64c8883d98384738 714716 web optional apache-common_1.3.9-11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1

-----END PGP SIGNATURE-----





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 00:41:26 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.