Debian + Apache 2 (CVE-2011-1176)
Debian pushed the apache update finally (get to disable the workaround)
apache2 (2.2.16-6+squeeze1) stable-security; urgency=high
* Fix CVE-2011-1176 in apache2-mpm-itk: If NiceValue was set, the default
with no AssignUserID was to run as root:root instead of the default
Apache
user and group. Closes: #618857
So that should close the issue…
Thanks Debian and Apache for the fix!