Bug#279753: marked as done (apache: execute arbitrary code via SSI issue (CAN-2004-0940))
Your message dated Fri, 05 Nov 2004 08:33:14 +0100
with message-id <418B2CBA.7010104@fabbione.net>
and subject line Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Nov 2004 05:08:22 +0000
>From henrich@samba.gr.jp Thu Nov 04 21:08:22 2004
Return-path: <henrich@samba.gr.jp>
Received: from 204.57.138.210.xn.2iij.net (mebius) [210.138.57.204]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CPwKe-00085n-00; Thu, 04 Nov 2004 21:08:17 -0800
Received: by mebius (Postfix, from userid 1000)
id 7C20E44B0; Fri, 5 Nov 2004 14:10:27 +0900 (JST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Hideki Yamane <henrich@samba.gr.jp>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
X-Mailer: reportbug 3.1
Date: Fri, 05 Nov 2004 14:10:26 +0900
Message-Id: <[🔎] 20041105051027.7C20E44B0@mebius>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.3 required=4.0 tests=BAYES_00,HAS_PACKAGE,
NO_DNS_FOR_FROM autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: apache
Version: 1.3.27-0.1
Severity: important
Tags: woody, security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear apache maintainer team,
How is CAN-2004-0940 issue in woody coped with?
I've checked "Non-Vulnerability Security Information for woody" page
(http://www.debian.org/security/nonvulns-woody), but there is not
CAN-2004-0940. Probably it affects woody.
I saw it was discussed in debian-apache mailing list, but it is about
package in sarge and sid (1.3.31 based), not woody (1.3.26 based).
So, I want to know about state of woody's apache.
- --
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBiwtCIu0hy8THJksRAr6bAJ99PhH07nrrnOXzNkNfkXENg4L6sACcDbUC
oUeIp1I/D+s4lIoHkRCbs/Q=
=tYRw
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 279753-done) by bugs.debian.org; 5 Nov 2004 07:33:25 +0000
>From fabbione@fabbione.net Thu Nov 04 23:33:25 2004
Return-path: <fabbione@fabbione.net>
Received: from port49.ds1-van.adsl.cybercity.dk (trider-g7.fabbione.net) [212.242.141.114]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CPyb7-0002Zf-00; Thu, 04 Nov 2004 23:33:25 -0800
Received: from localhost (localhost [127.0.0.1])
by trider-g7.fabbione.net (Postfix) with ESMTP id B15C37A68;
Fri, 5 Nov 2004 08:33:21 +0100 (CET)
Received: from trider-g7.fabbione.net ([127.0.0.1])
by localhost (trider-g7 [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id 18886-14-8; Fri, 5 Nov 2004 08:33:13 +0100 (CET)
Received: from [192.168.1.6] (gordian.int.fabbione.net [192.168.1.6])
by trider-g7.fabbione.net (Postfix) with ESMTP id 2284C7A67;
Fri, 5 Nov 2004 08:33:13 +0100 (CET)
Message-ID: <418B2CBA.7010104@fabbione.net>
Date: Fri, 05 Nov 2004 08:33:14 +0100
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
User-Agent: Mozilla Thunderbird 0.8 (X11/20041102)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Hideki Yamane <henrich@samba.gr.jp>, 279753-done@bugs.debian.org
Subject: Re: Bug#279753: apache: execute arbitrary code via SSI issue (CAN-2004-0940)
References: <[🔎] 20041105051027.7C20E44B0@mebius>
In-Reply-To: <[🔎] 20041105051027.7C20E44B0@mebius>
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at fabbione.net
Delivered-To: 279753-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.3 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER,
SUBJ_HAS_UNIQ_ID autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Hideki Yamane wrote:
| Package: apache
| Version: 1.3.27-0.1
There is no such version in woody.
| Severity: important
| Tags: woody, security
|
| Dear apache maintainer team,
|
| How is CAN-2004-0940 issue in woody coped with?
We are working on it. No need to panic.
| I saw it was discussed in debian-apache mailing list, but it is about
| package in sarge and sid (1.3.31 based), not woody (1.3.26 based).
| So, I want to know about state of woody's apache.
woody requires more time to be prepared properly and tested. The package needs
to reviewed twice and it needs to be built on all woody arch.
There will be an upload soon.
Fabio
- --
Self-Service law:
The last available dish of the food you have decided to eat, will be
inevitably taken from the person in front of you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBiyy5hCzbekR3nhgRAkUpAJ9YECo1iffC1XiI7fM4j6HdMOasbgCdHKOk
vpZjIkIrwgLxrty9mWf6zSE=
=T9jY
-----END PGP SIGNATURE-----
Reply to: