
Bug#416611: marked as done (libapache-mod-perl: Possible DoS problem with PerlRun (CVE-2007-1349))



Your message dated Mon, 10 Mar 2008 16:13:08 +0100
with message-id <200803101613.09738.sf@sfritsch.de>
and subject line libapache-mod-perl: Possible DoS problem with PerlRun (CVE-2007-1349)
has caused the Debian Bug report #416611,
regarding libapache-mod-perl: Possible DoS problem with PerlRun (CVE-2007-1349)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
416611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416611
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libapache-mod-perl
Version: 1.29.0.4-4.1
Severity: important
Tags: security

A problem was recently discovered in how mod_perl 1.x deals with special
characters in the file_info part of URLs; exploitation of this problem
could cause a DoS.

The problem was fixed in the recent 1.30 RC1 of the package:

SECURITY: CVE-2007-1349 (cve.mitre.org)
fix unescaped variable interpolation in Apache::PerlRun
regular expression to prevent regex engine tampering.
reported by Alex Solovey
[Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer 
<fred@redhotpenguin.com>]

I think only a single line needs to be patched to fix the problem. It
seems likely that all versions of Debian exhibit the problem, but I
leave it to others to decide if it is a release critical problem for
etch.

Best,

Kjetil
-- 
Kjetil Kjernsmo
Information Systems Developer
Opera Software ASA


--- End Message ---
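
Added example, not part of the original message and not code taken from Apache::PerlRun: the changelog entry quoted above describes unescaped variable interpolation in a regular expression, and this sketch shows that class of bug next to the \Q...\E form that matches the value literally. The function names, the shape of the substitution and the sample URIs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: strip a trailing path component from a URI by
# interpolating it into the pattern unescaped. Any regex metacharacter
# in $path_info is interpreted by the regex engine.
sub strip_unescaped {
    my ($uri, $path_info) = @_;
    $uri =~ s/$path_info$//;
    return $uri;
}

# Hypothetical helper: the same substitution with \Q...\E (quotemeta),
# so $path_info is always treated as a literal string.
sub strip_escaped {
    my ($uri, $path_info) = @_;
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# Constructed sample inputs: [ request URI, trailing path component ]
my @samples = (
    [ '/perl/app.pl/extra/info', '/extra/info' ],  # no metacharacters
    [ '/perl/app.pl/a+b',        '/a+b'        ],  # '+' read as a quantifier
    [ '/perl/app.pl/(',          '/('          ],  # pattern fails to compile
);

for my $sample (@samples) {
    my ($uri, $path_info) = @$sample;

    # The interpolated pattern is compiled at run time, so a malformed
    # one raises an exception inside the request handler.
    my $unsafe = eval { strip_unescaped($uri, $path_info) };
    my $unsafe_out = defined $unsafe
        ? $unsafe
        : 'died: ' . (split /\n/, $@)[0];

    my $safe = strip_escaped($uri, $path_info);

    print "path_info = $path_info\n";
    print "  unescaped: $unsafe_out\n";
    print "  escaped:   $safe\n";
}
```

For the first sample both forms return /perl/app.pl. For the second, the unescaped form leaves the URI unchanged because '+' is read as a quantifier, and for the third it dies with a pattern compilation error, while the escaped form returns /perl/app.pl in both cases.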
--- Begin Message ---
version: 1.3.34-4.1+etch1

This was recently fixed in a stable point release for etch.


--- End Message ---
