/usr/share/doc/bugzilla3/examples/vh-*.conf files faulty

The examples should also do a better job of protecting sensitive directories. Here are my suggestions

    DocumentRoot /usr/share/bugzilla3/web
    Alias /cgi-bin /usr/lib/cgi-bin/bugzilla3
    Alias /data /var/lib/bugzilla3/data

    RewriteEngine On
    RewriteRule ^/(.*\.cgi.*) /cgi-bin/$1 [PT]
    RewriteRule ^/index.html$ /cgi-bin/index.cgi [PT]
    RewriteLog "/var/log/apache2/rewrite.log"
    RewriteLogLevel 2

    <Directory "/usr/lib/cgi-bin/bugzilla3">
           AllowOverride None
           Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
           Order allow,deny
           Allow from all
           AddHandler cgi-script .cgi
    </Directory>

    <Directory "/var/lib/bugzilla3/data">
           deny from all
    </Directory>

    <Directory "/usr/share/bugzilla3/web/shadow">
           deny from all
    </Directory>

    <FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
        deny from all
    </FilesMatch>

Pending für 3.2.4.0-3

This bug was fixed in the package bugzilla - 3.2.4.0-3

---------------
bugzilla (3.2.4.0-3) unstable; urgency=medium

  * Changed processing of Status/Resolution field changes. I hope this
    modification is less disturbing for 99% of typical installations.
  * Fixed ucf warning. Closes: #521855
  * (Ubuntu) Fixed processing of manual checksetup.pl execution.
    LP: #398892, #394972, #394846, #367476, #301909, #317963, #313310
  * (Ubuntu) Installation of outstanding packages is not supported.
    LP: #389962
  * (Ubuntu) perl-modules=5.10.0-24 provides the CGI package of version 3.29
    which is not enought to bugzilla. For Perl 5.10 version 3.33 of CGI
    package is required. LP: #386620
  * (Ubuntu) Added cvs and imagepagick to Recommends. LP: #386598
  * (Ubuntu) Applied example from Rolf Leggewie for vh-basic.conf. LP: #386608
  * (Ubuntu) Restart of apache2 added. LP: #300566
  * (Ubuntu) Processing of templates fixed by pre-checksetup.d script.
    LP: #302192
  * (Ubuntu) The sym-link /usr/share/bugzilla3/web/data ->
    /var/lib/bugzilla3/data is valid. LP: #386592
  * (Ubuntu) Sendmail support is fixed upstream. LP: #281379
  * (Ubuntu) Change file permissions for skins after checksetup.pl call.
    LP: #314123
  * (Ubuntu) Fixed file permissions in /etc/bugzilla3. LP: #386604

bugzilla (3.2.4.0-2) unstable; urgency=medium

  * Fixed checksetup.pl script.
  * Changed severity to medium for security reasons fixed with new upstream
    release.

bugzilla (3.2.4.0-1) unstable; urgency=low

  * New upstream version. Closes: #528228
  * Removed uploaders; nobody else maintains this package.
    Closes: #521431, #536122
  * Added libmail-sendmail-perl dependency. Closes: #516101
  * Change access rights within cron's daily script. Closes: #516135
  * Added dependency on an non-existing package libemail-reply-perl. This
    package will RFP later but can be build with dh-make-perl in the meantime.
    To satisfy the dependencies libemail-mime-creator-perl will be installed
    instead and should be removed later. Closes: #528780
  * Revert access right /usr/share/bugzilla3/lib and /usr/share/perl5/Bugzilla
    to 0775. Closes: #533394
  * Removed VirtualHost section from basic.conf. Closes: #511839
  * Removed bashishm from debian/rules. Closes: #535373
  * Updated Czech translation of bugzilla debconf messages. Closes: #535859
  * Spanish debconf template translation for bugzilla. Closes: #515313
  * Vietnamese debconf templates translation update. Closes: #509436
  * Update to 3.8.2 standard without changes.

 -- Bhavani Shankar <email address hidden> Fri, 24 Jul 2009 16:48:01 +0100