Bug#322613: marked as done (Processed: Apache 1.3 also vulnerable?)

To: Adam Conrad <adconrad@0c3.net>
Cc: Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: Bug#322613: marked as done (Processed: Apache 1.3 also vulnerable?)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 06 Sep 2005 06:18:08 -0700
Message-id: <[🔎] handler.322613.D322613.11260122754358.ackdone@bugs.debian.org>
In-reply-to: <431D954C.3020101@0c3.net>
References: <431D954C.3020101@0c3.net> <20050811204725.42530c73@xeniac.intern>

Your message dated Tue, 06 Sep 2005 23:10:36 +1000
with message-id <431D954C.3020101@0c3.net>
and subject line Not vulnerable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Aug 2005 18:47:32 +0000
>From ch@debian.org Thu Aug 11 11:47:31 2005
Return-path: <ch@debian.org>
Received: from mail3b.westend.com (mail3b2.westend.com) [212.117.79.78] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E3I5T-0002HP-00; Thu, 11 Aug 2005 11:47:31 -0700
Received: from localhost (localhost [127.0.0.1])
	by mail3b2.westend.com (Postfix) with ESMTP id AC1051212B7
	for <submit@bugs.debian.org>; Thu, 11 Aug 2005 20:47:30 +0200 (CEST)
Received: from mail3b2.westend.com ([127.0.0.1])
	by localhost (mail3b [127.0.0.1]) (amavisd-new, port 20024)
	with ESMTP id 30692-09 for <submit@bugs.debian.org>;
	Thu, 11 Aug 2005 20:47:26 +0200 (CEST)
Received: from xeniac.intern (office-gw.westend.com [212.117.64.2])
	by mail3b2.westend.com (Postfix) with ESMTP id 502901212B6
	for <submit@bugs.debian.org>; Thu, 11 Aug 2005 20:47:26 +0200 (CEST)
Date: Thu, 11 Aug 2005 20:47:25 +0200
From: Christian Hammers <ch@debian.org>
To: submit@bugs.debian.org
Subject: Re: Processed: Apache 1.3 also vulnerable?
Message-ID: <20050811204725.42530c73@xeniac.intern>
In-Reply-To: <handler.s.C.112378328223233.transcript@bugs.debian.org>
References: <20050811180116.GA707@westend.com>
	<handler.s.C.112378328223233.transcript@bugs.debian.org>
Organization: www.debian.org
X-Mailer: Sylpheed-Claws 1.0.4 (GTK+ 1.2.10; i386-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: apache
Severity: critical
Tags: security
thanks

Cloning did not work, so I open a new bug report. Reason was that
RedHat/Fedora also updated their 1.3.27 packages so this version
might also be vulnerable.

> > clone 320048 -2
> Bug#320048: SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268)
> Bug is marked as being merged with others.
> 
> > reassign -2 apache
> Bug number -2 not found.

bye,

-christian-

---------------------------------------
Received: (at 322613-done) by bugs.debian.org; 6 Sep 2005 13:11:15 +0000
>From adconrad@0c3.net Tue Sep 06 06:11:15 2005
Return-path: <adconrad@0c3.net>
Received: from loki.0c3.net [69.0.240.48] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1ECdEJ-00016d-00; Tue, 06 Sep 2005 06:11:15 -0700
Received: from [203.49.196.168] (helo=[10.0.0.4])
	by loki.0c3.net with esmtp (Exim 4.34)
	id 1ECdDn-0003yE-U8
	for 322613-done@bugs.debian.org; Tue, 06 Sep 2005 07:10:44 -0600
Message-ID: <431D954C.3020101@0c3.net>
Date: Tue, 06 Sep 2005 23:10:36 +1000
From: Adam Conrad <adconrad@0c3.net>
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050831)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: 322613-done@bugs.debian.org
Subject: Not vulnerable
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Delivered-To: 322613-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

Apache 1.3 is not vulnerable to CAN-2005-1268

... Adam

Reply to:

Prev by Date: Bug#326694: [ham] Re: Bug#326694: apache-ssl won't run .php files
Next by Date: Bug#326911: apache: Placeholder page includes dead link to Johnie Ingram's page netgod.net
Previous by thread: Bug#326822: apache corrupts Content-Encoding header for Release.gpg
Next by thread: Bug#326911: apache: Placeholder page includes dead link to Johnie Ingram's page netgod.net
Index(es):
- Date
- Thread