Fix a security issue with logs directory

diff --git a/debian/changelog b/debian/changelog
index 0a9d79b184a207b42f647a4f54d5f4d650d96611..8d19071b10dfa4f8cc107f460c031ea195e3f9f7 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+roundcube (0.1~beta2.2~dfsg-2) experimental; urgency=high
+
+  * Fix a security issue by disallowing access to logs.
+
+ -- Vincent Bernat <bernat@luffy.cx>  Sat,  5 May 2007 00:23:40 +0200
+
 roundcube (0.1~beta2.2~dfsg-1) experimental; urgency=low
 
   * Initial release. (Closes: #333756, #344949)

diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
index 1f5cffa74945d9cd16fde5c69c89d534c4ddd000..b4447d47866d39b7bc7b7dd9f720de12eb900740 100644 (file)
--- a/debian/conf/apache.conf
+++ b/debian/conf/apache.conf
@@ -22,4 +22,9 @@
        Deny from all
 </Directory>
 
-
+<Directory /var/lib/roundcube/logs>
+        Options -FollowSymLinks
+        AllowOverride None
+       Order allow,deny
+       Deny from all
+</Directory>