CAN-2004-0811 Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication. Fixed in Apache CVS: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.285&r2=1.286 Apache PR #31315: http://issues.apache.org/bugzilla/show_bug.cgi?id=31315 Updated Apache-2.0.51 ebuild coming in a minute.
Created attachment 40040 [details, diff] net-www/apache/files/patches/2.0.51-r1/00_satisfy_merge.patch Fixes Merging of Satisfy Directives.
Created attachment 40041 [details] apache-2.0.51-r1.ebuild Applies supplied patch fixing bug.
Created attachment 40043 [details, diff] Patch for 2.0.51 -> r1 Added a patch for the ebuild, instead of the full thing...
Apache 2.0.51-r1 is in the tree, and ready for testing on all arches. Best regards, Stu
arches, please mark stable: current KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
stable on ppc
Sparc stable.
amd64/arm/hppa/ia64 stable now
Stable on mips.
Stable on alpha.
Reassigning product/component
Stable on x86
GLSA 200409-33
*** Bug 66551 has been marked as a duplicate of this bug. ***
done via superceded 2.0.52 which is marked stable on ppc64