
Bug#279865: marked as done (apache-common: CAN-2004-0940 Vulnerable?)



Your message dated Fri, 05 Nov 2004 15:03:33 +0100
with message-id <418B8835.1030606@fabbione.net>
and subject line Bug#279865: apache-common: CAN-2004-0940 Vulnerable?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Nov 2004 13:38:09 +0000
Date: Fri, 5 Nov 2004 14:37:57 +0100
From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
To: submit@bugs.debian.org
Subject: apache-common: CAN-2004-0940 Vulnerable?
Message-ID: <20041105133757.GA8883@itp.uni-hannover.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Public-Key-URL: http://www.itp.uni-hannover.de/~kreutzm/data/kreutzm.gpg
X-homepage: http://www.itp.uni-hannover.de/~kreutzm


--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: apache-common
Version: 1.3.26-0woody5
Severity: grave
Justification: user security hole
Tags: woody, security

According to
http://www.apache.org/dist/httpd/Announcement.html

the new apache fixes two vulnerabilities with CAN-numbers. While -492 was
fixed in a previous security upload, there is no mention of 940 neither in
the changelog, nor did I find a bug report, nor is it mentioned on

http://www.debian.org/security/nonvulns-woody

Please reassign if I submitted against the wrong package or add this CAN to
the above mentioned nonvulns-list if woody is not affected.

-- System Information
Debian Release: 3.0
Architecture: alpha
Kernel: Linux jari 2.4.26-grsec-hk04 #1 Fri Aug 6 12:23:40 CEST 2004 alpha
Locale: LANG=C, LC_CTYPE=C

Versions of packages apache-common depends on:
ii  libc6.1                      2.2.5-11.5  GNU C Library: Shared libraries an
ii  libdb2                       2:2.7.7.0-7 The Berkeley database routines (ru
ii  libexpat1                    1.95.2-6    XML parsing C library - runtime li
ii  perl                         5.6.1-8.7   Larry Wall's Practical Extraction
ii  perl [perl5]                 5.6.1-8.7   Larry Wall's Practical Extraction
--
Helge Kreutzmann, Dipl.-Phys.               Helge.Kreutzmann@itp.uni-hannover.de
                       gpg signed mail preferred
    64bit GNU powered                  http://www.itp.uni-hannover.de/~kreutzm
       Help keep free software "libre": http://www.freepatents.org/

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBi4I1RsxcY/MYpWoRAonIAKC5WU+2P+NVJ9fdc7LuamZoqRrQsgCgs12i
5WsfQt4jKNUlIRGkBokbFZM=
=19ax
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--

---------------------------------------
Received: (at 279865-done) by bugs.debian.org; 5 Nov 2004 14:03:46 +0000
Message-ID: <418B8835.1030606@fabbione.net>
Date: Fri, 05 Nov 2004 15:03:33 +0100
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
User-Agent: Mozilla Thunderbird 0.8 (X11/20041102)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: 279865-done@bugs.debian.org
Subject: Re: Bug#279865: apache-common: CAN-2004-0940 Vulnerable?
References: <20041105133757.GA8883@itp.uni-hannover.de>
In-Reply-To: <20041105133757.GA8883@itp.uni-hannover.de>
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Helge Kreutzmann wrote:
| Package: apache-common
| Version: 1.3.26-0woody5
| Severity: grave
| Justification: user security hole
| Tags: woody, security
|
| According to
| http://www.apache.org/dist/httpd/Announcement.html
|
| the new apache fixes two vulnerabilities with CAN-numbers. While -492 was
| fixed in a previous security upload, there is no mention of 940 neither in
| the changelog, nor did I find a bug report, nor is it mentioned on
|
| http://www.debian.org/security/nonvulns-woody
|
| Please reassign if I submitted against the wrong package or add this CAN to
| the above mentioned nonvulns-list if woody is not affected.

Thanks for reporting this twice already. Please before filing bugs you are welcome to check both
debian-apache mailing lists and bugs.debian.org/src:apache.

Fabio

- --
Self-Service law:
The last available dish of the food you have decided to eat, will be
inevitably taken from the person in front of you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBi4gzhCzbekR3nhgRAv2vAKCUfVa9lDir7uQHVbiy/xFTzJ2eFwCfSqlJ
uc0vyd0VrOmd8jVWpXuWzpw=
=bugF
-----END PGP SIGNATURE-----


