Bug#380231: [CVE-2006-3747] Off-by-one flaw exists in the Rewrite module, mod_rewrite
Package: apache
Version: 1.3.34-2
Severity: grave
Tags: security
The latest release notes [1] of apache 1.3.37, 2.0.59 and 2.2.3 contain a
note about an off-by-one flaw (CVE-2006-3747 [2]).
[1] http://www.apache.org/dist/httpd/Announcement2.2.html
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
Please check if the Debian package(s) is/are vulnerable.
Regards, Daniel
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.08060320
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages apache depends on:
ii apache-common 1.3.34-2 support files for all Apache webse
ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy
ii libc6 2.3.6-16 GNU C Library: Shared libraries
ii libdb4.3 4.3.29-6 Berkeley v4.3 Database Libraries [
ii libexpat1 1.95.8-3.2 XML parsing C library - runtime li
ii libmagic1 4.17-2 File type determination library us
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-10 Linux Standard Base 3.1 init scrip
ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-6 Larry Wall's Practical Extraction
apache recommends no packages.
-- debconf information excluded