Pantek Library

Bug#453783: apache2: CVE-2007-4465

From: Paul Szabo <psz(at)maths.usyd.edu.au>
Date: Sat Dec 01 2007 - 14:47:15 EST


Dear Stefan,

> If you can exploit that with Firefox, Firefox should be fixed. Can you
> give more details? I would be very interested.

Will do, offline (because it affects the main web login site of my Uni). Essentially, I found that Firefox will inherit the charset of the parent page, when that had been selected manually (does not inherit the charset specified in headers or meta). I guess this is a "new" bug in Firefox, maybe they should be told...

> Any browser that interprets ascii as utf7 without being told to do so
> is severely buggy. And CVE-2006-5152 is about MSIE, not about Apache.
> Your retraction was about Apache.

So IE "encoding autoselect" is severely buggy: I almost agree.

Whatever people think CVE-2006-5152 is about, I meant my posts to be about Apache. (No use trying to get MS to fix IE.)

> If it affects only one buggy browser, it's low impact. ...

If that buggy browser is IE, used by 90% of the (deluded) population, then it is not low impact.

Cheers,

Paul Szabo
psz(at)maths.usyd.edu.au
http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics, University of Sydney, Australia

Received on Sat Dec 1 15:58:17 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 02:59:07 EDT

