| 1 |
Am 05.09.2011 09:18, schrieb Michael Hampicke: |
| 2 |
>> So after upgrading against the Range header vulnerability, I find that |
| 3 |
>> apache-2.2.20 seems to litter /etc/apache2 with standard configuration |
| 4 |
>> files, while I don't remember anything at least in 2.2.1x range doing that. |
| 5 |
> |
| 6 |
> Same thing happend to me, but it seems this new config files are not |
| 7 |
> included per default. I am not really sure what to make of this. Which |
| 8 |
> file should I edit from now on? |
| 9 |
> |
| 10 |
> All files seem to be valid, there are no ophans in my apache2 directory |
| 11 |
> (excluding my froxlor and ssl config) |
| 12 |
> |
| 13 |
> # find /etc/apache2/ -type f -print0 | xargs -0 qfile -o | egrep -v |
| 14 |
> "froxlor|ssl" |
| 15 |
> # |
| 16 |
> |
| 17 |
> And if you google for "gentoo apache 2.2.20" guess what you'll find? |
| 18 |
> Yeah, that right, this Thread! :) |
| 19 |
> |
| 20 |
|
| 21 |
I guess it was just happened through an oversight because of the rushed |
| 22 |
release. I just removed those files without ill effects. |
Archives