From: Vincent Bernat <bernat@luffy.cx>
Date: Fri, 4 May 2007 22:26:47 +0000 (+0000)
Subject: Fix a security issue with logs directory
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=5eaf9171e3d0c378d53d7d86dbb30476738cb479;p=roundcube.git

Fix a security issue with logs directory
---

diff --git a/debian/changelog b/debian/changelog
index 0a9d79b..8d19071 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+roundcube (0.1~beta2.2~dfsg-2) experimental; urgency=high
+
+  * Fix a security issue by disallowing access to logs.
+
+ -- Vincent Bernat <bernat@luffy.cx>  Sat,  5 May 2007 00:23:40 +0200
+
 roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low
 
   * Initial release. (Closes: #333756, #344949)
diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
index 1f5cffa..b4447d4 100644
--- a/debian/conf/apache.conf
+++ b/debian/conf/apache.conf
@@ -22,4 +22,9 @@
 	Deny from all
 </Directory>
 
-
+<Directory /var/lib/roundcube/logs>
+        Options -FollowSymLinks
+        AllowOverride None
+	Order allow,deny
+	Deny from all
+</Directory>