
Bug#349793: marked as done (apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module)



Your message dated Thu, 26 Jan 2006 18:38:57 +0000
with message-id <20060126183857.GC9488@www.lobefin.net>
and subject line Bug#349793: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Jan 2006 10:07:17 +0000
From steve@lobefin.net Wed Jan 25 02:07:17 2006
Return-path: <steve@lobefin.net>
Received: from mail.lobefin.net ([82.71.90.98])
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1F1hYa-00073a-W6
	for submit@bugs.debian.org; Wed, 25 Jan 2006 02:07:17 -0800
Received: from lobefin.net
	([82.71.90.97] helo=hadrian.lobefin.net ident=Debian-exim)
	by mail.lobefin.net with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1F1hYV-0006A5-9W
	for submit@bugs.debian.org; Wed, 25 Jan 2006 10:07:11 +0000
Received: from steve by hadrian.lobefin.net with local (Exim 4.50)
	id 1F1hYZ-00077G-M9
	for submit@bugs.debian.org; Wed, 25 Jan 2006 10:07:15 +0000
Date: Wed, 25 Jan 2006 10:07:15 +0000
From: Stephen Gran <sgran@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module
Message-ID: <20060125100715.GA27337@www.lobefin.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="jI8keyz6grp/JLjh"
Content-Disposition: inline
X-Reportbug-Version: 3.8
X-Editor: VIM - Vi IMproved 6.3 
X-OS: Linux hadrian 2.6.8-2-686-smp i686
X-Uptime: 18:23
X-Latin: Hodie octavo Kalendas Februarias MMDCCLIX ab urbe condita est
X-Date: Today is Setting Orange, the 25th day of Chaos in the YOLD 3172
X-DDate: Only 2430851 Shopping Days Left Before X-Day. Wibble. 
X-Motto: debian/rules
User-Agent: Mutt/1.5.9i
X-Authenticated-Sender: steve
X-Scanned-By: ClamAV 0.88/1248 on mail.lobefin.net; Wed, 25 Jan 2006 10:07:11 +0000
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02


--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: apache-common
Version: 1.3.33-6sarge1
Severity: grave
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

Thanks,

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages apache-common depends on:
ii  apache2-utils            2.0.54-5        utility programs for webservers
ii  debconf                  1.4.30.13       Debian configuration management sy
ii  elinks [www-browser]     0.10.4-7        advanced text-mode WWW browser
ii  libc6                    2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libdb4.2                 4.2.52-18       Berkeley v4.2 Database Libraries [
ii  libexpat1                1.95.8-3        XML parsing C library - runtime li
ii  lynx [www-browser]       2.8.5-2sarge1   Text-mode WWW Browser
ii  mime-support             3.28-1          MIME files 'mime.types' & 'mailcap
ii  mozilla-browser [www-bro 2:1.7.8-1sarge3 The Mozilla Internet application s
ii  perl                     5.8.4-8sarge3   Larry Wall's Practical Extraction 
ii  sed                      4.1.2-8         The GNU sed stream editor
ii  ucf                      1.17            Update Configuration File: preserv
ii  w3m [www-browser]        0.5.1-3         WWW browsable pager with excellent

-- debconf information:
* apache-common/confignotes:
  apache-common/old-logrotate-exists:
  apache-common/logs:
  apache-shared/debconf-modules: mod_vhost_alias, mod_userdir, mod_unique_id, mod_status, mod_setenvif, mod_rewrite, mod_negotiation, mod_mime_ssl, mod_mime_magic, mod_log_config_ssl, mod_info, mod_expires, mod_dir, mod_cgi, mod_autoindex, mod_auth_ssl, mod_alias, mod_access, apache-ssl, mod_php4
  apache-shared/restart: false

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

--jI8keyz6grp/JLjh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD103TSYIMHOpZA44RAn0FAKCdps8SsHd5L9NLm6/Oa5uk3GKwKQCgt+CP
asS9r3WN5ZFlKaaj3QZDvI0=
=b92C
-----END PGP SIGNATURE-----

--jI8keyz6grp/JLjh--

---------------------------------------
Received: (at 349793-done) by bugs.debian.org; 26 Jan 2006 18:39:00 +0000
From steve@lobefin.net Thu Jan 26 10:39:00 2006
Return-path: <steve@lobefin.net>
Received: from mail.lobefin.net ([82.71.90.98])
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1F2C1L-0004t7-Gp
	for 349793-done@bugs.debian.org; Thu, 26 Jan 2006 10:39:00 -0800
Received: from lobefin.net
	([82.71.90.97] helo=hadrian.lobefin.net ident=Debian-exim)
	by mail.lobefin.net with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1F2C1I-0006Hp-GW; Thu, 26 Jan 2006 18:38:56 +0000
Received: from steve by hadrian.lobefin.net with local (Exim 4.50)
	id 1F2C1J-0000xC-Bt; Thu, 26 Jan 2006 18:38:57 +0000
Date: Thu, 26 Jan 2006 18:38:57 +0000
From: Stephen Gran <sgran@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 349793-done@bugs.debian.org
Subject: Re: Bug#349793: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module
Message-ID: <20060126183857.GC9488@www.lobefin.net>
References: <20060125100715.GA27337@www.lobefin.net> <87r76vdrdx.fsf@mid.deneb.enyo.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="CblX+4bnyfN0pR09"
Content-Disposition: inline
In-Reply-To: <87r76vdrdx.fsf@mid.deneb.enyo.de>
X-Editor: VIM - Vi IMproved 6.3 
X-OS: Linux hadrian 2.6.8-2-686-smp i686
X-Uptime: 1 day
X-Latin: Hodie octavo Kalendas Februarias MMDCCLIX ab urbe condita est
X-Date: Today is Setting Orange, the 25th day of Chaos in the YOLD 3172
X-DDate: Only 2430851 Shopping Days Left Before X-Day. Grudnuk demand sustenance! 
X-Motto: debian/rules
User-Agent: Mutt/1.5.9i
X-Authenticated-Sender: steve
X-Scanned-By: ClamAV 0.88/1252 on mail.lobefin.net; Thu, 26 Jan 2006 18:38:56 +0000
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02


--CblX+4bnyfN0pR09
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

This one time, at band camp, Florian Weimer said:
> * Stephen Gran:
> 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
> 
> Uhm, hasn't this been fixed in apache 1.3.34-2 (bug #343466) and
> apache2 2.0.55-4 (bug #343467)?

It may have been - I was working from
http://www.debian.org/security/crossreferences, and CVE-2005-3352 does
not appear on that page, as far as I can tell.  My quick glance over
the bug pages for apache and apache2 didn't turn up those bugs, but now
I see them rather obviously, so I am sorry for the waste of your time.
I guess the problem is my template was what has been fixed in sarge,
not what has already been reported and fixed in sid.

Sorry for the noise, closing now.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

--CblX+4bnyfN0pR09
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD2RdBSYIMHOpZA44RAtwWAKCQ3fpa0TQAIMWf322LNsuo9PMbKwCfV5gD
TTxlBbqRlxMNHydlTwqdyck=
=/Noa
-----END PGP SIGNATURE-----

--CblX+4bnyfN0pR09--


