Bug#345922: marked as done (options error in Apache config file)
Your message dated Mon, 16 Jan 2006 04:32:05 -0800
with message-id <E1EyTWn-0003Iq-6W@spohr.debian.org>
and subject line Bug#345922: fixed in apache2 2.0.55-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Jan 2006 10:00:50 +0000
From ian_bruce@fastmail.fm Wed Jan 04 02:00:49 2006
Return-path: <ian_bruce@fastmail.fm>
Received: from ip-210-137.ppp.ucc-net.ca ([216.113.210.137] helo=localhost.localdomain)
by spohr.debian.org with esmtp (Exim 4.50)
id 1Eu5Mi-0001Tg-Ae
for submit@bugs.debian.org; Wed, 04 Jan 2006 01:55:32 -0800
Received: by localhost with smtp
id 1Eu5Oh-0004xf-VK
for <submit@bugs.debian.org>; Wed, 04 Jan 2006 01:57:36 -0800
Date: Wed, 4 Jan 2006 01:57:34 -0800
From: Ian Bruce <ian_bruce@fastmail.fm>
To: submit@bugs.debian.org
Subject: options error in Apache config file
Message-Id: <20060104015734.558e44c3.ian_bruce@fastmail.fm>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-7.5 required=4.0 tests=BAYES_00,HAS_PACKAGE,
RCVD_IN_SORBS autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: apache2-common
Version: 2.0.55-3
The file "/etc/apache2/sites-available/default" contains this item (in
the "/usr/lib/cgi-bin" section):

    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch

This is explicitly disallowed by the Apache documentation.

From "http://httpd.apache.org/docs/2.0/mod/core.html#options" :

    Warning

    Mixing Options with a + or - with those without is not valid syntax,
    and is likely to cause unexpected results.

This entry does indeed result in various problems, but you will not
discover that it is the cause of those problems without carefully
reading the documentation. It needs to be fixed. Prefixing a "+" to the
"ExecCGI" option would resolve the issue.
-- Ian Bruce
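
Added example (not part of the original report or of the Debian package): a small checker that flags Options directives mixing +/- prefixed keywords with bare ones, the pattern the report describes, and proposes the "+" prefix fix suggested above. The function names and the sample <Directory> blocks are constructed for illustration; only the cgi-bin Options line is taken from the report.

```python
import re

# Apache directive names are case-insensitive; require whitespace after "Options".
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash-continued lines."""
    buf, start = "", None
    for n, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if start is not None:
        yield start, buf

def find_mixed_options(text):
    """Return (line_number, original, suggested) for Options lines mixing forms."""
    findings = []
    for n, line in logical_lines(text):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = OPTIONS_RE.match(line)
        if not m:
            continue
        words = m.group(1).split()
        signed = [w for w in words if w[0] in "+-"]
        if signed and len(signed) != len(words):
            # Fix proposed in the report: prefix "+" to each bare keyword.
            fixed = " ".join(w if w[0] in "+-" else "+" + w for w in words)
            findings.append((n, line.strip(), "Options " + fixed))
    return findings

# Constructed sample; the cgi-bin Options line is the one quoted in the report.
SAMPLE = """\
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    # Options ExecCGI -Indexes
</Directory>
"""

if __name__ == "__main__":
    for n, orig, fix in find_mixed_options(SAMPLE):
        print(f"line {n}: {orig!r} -> {fix!r}")
```
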
---------------------------------------
Received: (at 345922-close) by bugs.debian.org; 16 Jan 2006 12:40:33 +0000
From katie@ftp-master.debian.org Mon Jan 16 04:40:33 2006
Return-path: <katie@ftp-master.debian.org>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EyTWn-0003Iq-6W; Mon, 16 Jan 2006 04:32:05 -0800
From: Adam Conrad <adconrad@0c3.net>
To: 345922-close@bugs.debian.org
X-Katie: $Revision: 1.65 $
Subject: Bug#345922: fixed in apache2 2.0.55-4
Message-Id: <E1EyTWn-0003Iq-6W@spohr.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 16 Jan 2006 04:32:05 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: apache2
Source-Version: 2.0.55-4
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-common_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-common_2.0.55-4_i386.deb
apache2-common_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-common_2.0.55-4_powerpc.deb
apache2-doc_2.0.55-4_all.deb
to pool/main/a/apache2/apache2-doc_2.0.55-4_all.deb
apache2-mpm-perchild_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4_i386.deb
apache2-mpm-perchild_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4_powerpc.deb
apache2-mpm-prefork_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4_i386.deb
apache2-mpm-prefork_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4_powerpc.deb
apache2-mpm-worker_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-mpm-worker_2.0.55-4_i386.deb
apache2-mpm-worker_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-mpm-worker_2.0.55-4_powerpc.deb
apache2-prefork-dev_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-prefork-dev_2.0.55-4_i386.deb
apache2-prefork-dev_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-prefork-dev_2.0.55-4_powerpc.deb
apache2-threaded-dev_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-threaded-dev_2.0.55-4_i386.deb
apache2-threaded-dev_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-threaded-dev_2.0.55-4_powerpc.deb
apache2-utils_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2-utils_2.0.55-4_i386.deb
apache2-utils_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2-utils_2.0.55-4_powerpc.deb
apache2_2.0.55-4.diff.gz
to pool/main/a/apache2/apache2_2.0.55-4.diff.gz
apache2_2.0.55-4.dsc
to pool/main/a/apache2/apache2_2.0.55-4.dsc
apache2_2.0.55-4_i386.deb
to pool/main/a/apache2/apache2_2.0.55-4_i386.deb
apache2_2.0.55-4_powerpc.deb
to pool/main/a/apache2/apache2_2.0.55-4_powerpc.deb
libapr0-dev_2.0.55-4_i386.deb
to pool/main/a/apache2/libapr0-dev_2.0.55-4_i386.deb
libapr0-dev_2.0.55-4_powerpc.deb
to pool/main/a/apache2/libapr0-dev_2.0.55-4_powerpc.deb
libapr0_2.0.55-4_i386.deb
to pool/main/a/apache2/libapr0_2.0.55-4_i386.deb
libapr0_2.0.55-4_powerpc.deb
to pool/main/a/apache2/libapr0_2.0.55-4_powerpc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 345922@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 26 Nov 2005 19:06:32 +1100
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: all i386 powerpc source
Version: 2.0.55-4
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
apache2 - next generation, scalable, extendable web server
apache2-common - next generation, scalable, extendable web server
apache2-doc - documentation for apache2
apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
apache2-mpm-prefork - traditional model for Apache2
apache2-mpm-worker - high speed threaded model for Apache2
apache2-prefork-dev - development headers for apache2
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
libapr0 - the Apache Portable Runtime
libapr0-dev - development headers for libapr
Closes: 307921 330275 339323 340761 345922
Changes:
apache2 (2.0.55-4) unstable; urgency=low
.
* Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
* Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
threaded MPMs when making a non-SSL connection to an SSL-enabled port
on a server with a custom 400 error document defined; see CVE-2005-3357
* Clean up our use of trailing slashes on directories in debian/rules, so
the newer, pickier, obviously very improved coreutils doesn't bite us.
* Remove some cruft from apache2-common's postinst, dealing with upgrade
scenarios from versions older than those released in Sarge or Warty.
* Use "SHELL := sh -e" in debian/rules, so the build will stop on shell
errors, instead of blundering on to later make targets (closes: #340761)
* Recreate /var/run/apache2 and /var/lock/apache2 in our init script, in
case the user has /var/run and /var/lock on tmpfs, which is fashionable.
* Make our init script a /bin/bash script instead of a /bin/sh script, so
we can abuse it with regex globbing (#348189, #347962, #340955, #342008)
* Take patch from Adrian Bridgett to output errors from our config test
in the init script, but only do so when we're VERBOSE (closes: #339323)
* In the spirit of the LSB, make our init script exit 2 when called with
incorrect arguments, and exit 4 when asked for status (closes: #330275)
* Fix the default site to not mix configuration syntax (closes: #345922)
* Mention apxs2 in the apache2-*-dev long descriptions (closes: #307921)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDy4mJvjztR8bOoMkRAir9AKDsTkZ5R/zZykDgFiwjQvTlsdz8YwCgmG+B
w1HPgt5YkHBRJVhuJXhD4eg=
=+X+C
-----END PGP SIGNATURE-----