tech-security: apache-1.3.14 and Netscape-4.76

Subject: apache-1.3.14 and Netscape-4.76
To: None <tech-security@netbsd.org>
From: Emmanuel Dreyfus <p99dreyf@criens.u-psud.fr>
List: tech-security
Date: 04/03/2001 19:21:36

Two question about our document on package security:

apache is insecure prior to 1.3.14. I looked at the apache release
documents, and I was not able to find a security hole fixed in 1.3.14.
What is the problem?

Netscape is supposed to have a remote root shell exploit prior to 4.76.
I think this is wrong, and should be remote user shell...

--=20
Emmanuel Dreyfus. En tant que serveur, Windows NT fait en moins bien=20
ce que UNIX fait depuis des ann=E9es avec une interface utilisateur=20
que seul un utilisateur d'UNIX est capable d'admirer.
p99dreyf@criens.u-psud.fr