Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201204190829.48828.holger@layer-acht.org>
Date: Thu, 19 Apr 2012 08:29:46 +0200
From: Holger Levsen <holger@...er-acht.org>
To: 668667@...s.debian.org
Cc: Kurt Seifried <kseifried@...hat.com>,
 oss-security@...ts.openwall.com,
 Helmut Grohne <helmut@...divi.de>,
 "Steven M. Christey" <coley@...us.mitre.org>,
 Jan Lieskovsky <jlieskov@...hat.com>
Subject: Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws

On Donnerstag, 19. April 2012, Kenyon Ralph wrote:
> On Debian, symlinks to enable plugins are installed by default, and an
> apache2 configuration is automatically activated. So, on Debian, if
> your httpd is publicly-accessible, the munin pages and CGI will be
> publicly-accessible.

though on Debian, apache is only accessable on localhost per default.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.