Bug#256963: marked as done (apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493))

To: Thom May <thom@debian.org>
Cc: Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: Bug#256963: marked as done (apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493))
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 06 Jul 2004 16:18:03 -0700
Message-id: <[🔎] handler.256963.D256963.108915511628605.ackdone@bugs.debian.org>
In-reply-to: <20040706230457.GB10237@fandango.home.clearairturbulence.org>
References: <20040706230457.GB10237@fandango.home.clearairturbulence.org> <20040630081947.4F33F4488@mebius>

Your message dated Wed, 7 Jul 2004 00:04:57 +0100
with message-id <20040706230457.GB10237@fandango.home.clearairturbulence.org>
and subject line Bug#256963: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Jun 2004 08:19:43 +0000
>From henrich@mebius.ma-aya.to Wed Jun 30 01:19:43 2004
Return-path: <henrich@mebius.ma-aya.to>
Received: from 204.57.138.210.xn.2iij.net (mebius) [210.138.57.204] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BfaJj-0002cv-00; Wed, 30 Jun 2004 01:19:43 -0700
Received: by mebius (Postfix, from userid 1000)
	id 4F33F4488; Wed, 30 Jun 2004 17:19:47 +0900 (JST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Hideki Yamane <henrich@samba.gr.jp>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493)
X-Mailer: reportbug 2.62
Date: Wed, 30 Jun 2004 17:19:47 +0900
Message-Id: <20040630081947.4F33F4488@mebius>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_01,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: apache2
Severity: normal
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear apache2 maintainer team,

 Probably you know, but FYI.
 (I cannot find discussion in debian-apache ML and new packages 
  in incoming, so I posted this in BTS. This post makes users to 
  track security issue more easier, I think).

 Georgi Guninski found security flaw about DoS attack in apache 2.0.49.
 (http://www.guninski.com/httpd1.html)

 and patch is here.
 http://www.apache.org/dist/httpd/patches/apply_to_2.0.49/CAN-2004-0493.patch
 Is there any plan to apply this patch?
 

 If I had overlooked your working about this issue, please let me know 
 what I should see.

- --
Regards,

 Hideki Yamane     henrich @ samba.gr.jp/iijmio-mail.jp


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA4neiIu0hy8THJksRAh7mAJ9kkr5I4dFmmNaxL75UPXxvMVOWQQCfZmlT
CF+W3gAGJVL5SShaiZ5Ktho=
=dBpV
-----END PGP SIGNATURE-----

---------------------------------------
Received: (at 256963-done) by bugs.debian.org; 6 Jul 2004 23:05:16 +0000
>From thom@debian.org Tue Jul 06 16:05:16 2004
Return-path: <thom@debian.org>
Received: from amnesiac.heapspace.net [195.54.228.42] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Bhz00-0007Qa-00; Tue, 06 Jul 2004 16:05:16 -0700
Received: from localhost (localhost [127.0.0.1])
	by amnesiac.heapspace.net (Postfix) with ESMTP id 990D257D8;
	Wed,  7 Jul 2004 00:04:58 +0100 (BST)
Received: from amnesiac.heapspace.net ([127.0.0.1])
 by localhost (amnesiac.heapspace.net [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 52884-02-30; Wed,  7 Jul 2004 00:04:58 +0100 (BST)
Received: from fandango.home.clearairturbulence.org (dev.bitch-whore.com [213.208.111.147])
	by amnesiac.heapspace.net (Postfix) with ESMTP id B042B57C2;
	Wed,  7 Jul 2004 00:04:57 +0100 (BST)
Received: by fandango.home.clearairturbulence.org (Postfix, from userid 1000)
	id 3D9593813F74; Wed,  7 Jul 2004 00:04:57 +0100 (BST)
Date: Wed, 7 Jul 2004 00:04:57 +0100
From: Thom May <thom@debian.org>
To: Hideki Yamane <henrich@samba.gr.jp>, 256963-done@bugs.debian.org
Subject: Re: Bug#256963: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493)
Message-ID: <20040706230457.GB10237@fandango.home.clearairturbulence.org>
References: <20040630081947.4F33F4488@mebius>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <20040630081947.4F33F4488@mebius>
X-Operating-System: Linux/2.6.7-mm2 (i686)
User-Agent: Mutt/1.5.6+20040523i
X-Virus-Scanned: by amavisd-new at heapspace.net
Delivered-To: 256963-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

I just uploaded 2.0.50 which fixes this.
-Thom

Reply to:

Prev by Date: Processing of apache2_2.0.50-1_sparc.changes
Next by Date: apache2_2.0.50-1_sparc.changes REJECTED
Previous by thread: Processing of apache2_2.0.50-1_sparc.changes
Next by thread: apache2_2.0.50-1_sparc.changes REJECTED
Index(es):
- Date
- Thread