Bug#462458: apache2: SSL renegotiation does not work on POST requests in certain configurations

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#462458: apache2: SSL renegotiation does not work on POST requests in certain configurations
From: Garrett Wollman <wollman@csail.mit.edu>
Date: Thu, 24 Jan 2008 18:20:32 -0500
Message-id: <20080124232032.1268.17914.reportbug@projects.csail.mit.edu.>
Reply-to: Garrett Wollman <wollman@csail.mit.edu>, 462458@bugs.debian.org

Package: apache2
Version: 2.2.3-4+etch3
Severity: important

When mod_fastcgi and mod_action are used (for example, to implement
PHP4 and PHP5 in the same server), data from POST requests which
is buffered during SSL renegotiation is not reinjected correctly
through the filter chain.  (Technically, anything that causes Apache
to do an internal redirect on a POST request under SSL renegotiation
can cause this bug to surface.)

This bug was reported upstream as ASF Bugzilla Bug 43738
(<http://issues.apache.org/bugzilla/show_bug.cgi?id=43738>),
and has been fixed in the Apache development line and in the 2.2 branch
for a future release (Apache SVN revision 608787,
<http://svn.apache.org/viewvc?view=rev&revision=608787>).

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-xen-amd64
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork        2.2.3-4+etch3 Traditional model for Apache HTTPD

apache2 recommends no packages.

-- no debconf information

Reply to:

Prev by Date: National C3 Baseline Survey
Next by Date: Beacon Hotel~Patriot Package
Previous by thread: National C3 Baseline Survey
Next by thread: Beacon Hotel~Patriot Package
Index(es):
- Date
- Thread