Your message dated Sun, 16 Sep 2007 21:33:38 +0200
with message-id <200709162133.38244.sf@sfritsch.de>
and subject line fixed in 2.2.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Subject: apache2: Remote user can crash Apache if reverse proxy is enabled.
- From: Ramon Garcia Fernandez <ramon.garcia@kotasoft.com>
- Date: Tue, 11 Sep 2007 14:48:09 +0200
- Message-id: <46E68E89.3030304@kotasoft.com>

Package: apache2
Severity: critical
Justification: root security hole
Tags: security

*** Please type your report below this line ***

A security hole has been disclosed on the Apache web site.
http://httpd.apache.org/security/vulnerabilities_22.html

Although it is disclosed as a denial of service, it seems to involve a buffer overflow, and thus allow remote code execution under the apache account. I can confirm, from attacks in systems of a customer, that this is actually the case.

As I have not seen any security upgrade from 4th of September, date of the disclosure, I request this issue to be fixed.

Ramon Garcia
Systems Administrator
ramon.garcia@kotasoft.com
http://www.kotasoft.com

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-vserver-686
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
- To: 441845-done@bugs.debian.org
- Subject: fixed in 2.2.6-1
- From: Stefan Fritsch <sf@sfritsch.de>
- Date: Sun, 16 Sep 2007 21:33:38 +0200
- Message-id: <200709162133.38244.sf@sfritsch.de>

Version: 2.2.6-1

This was fixed in 2.2.6-1
--- End Message ---