Bug#551727: marked as done (apache2: CVE-2009-1890 - backport patch from Apache 2.2.12)
Your message dated Sun, 1 Nov 2009 19:05:06 +0100
with message-id <200911011905.06467.sf@sfritsch.de>
and subject line Re: Bug#551727: apache2: CVE-2009-1890 - backport patch from Apache 2.2.12
has caused the Debian Bug report #551727,
regarding apache2: CVE-2009-1890 - backport patch from Apache 2.2.12
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
551727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551727
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: CVE-2009-1890 - backport patch from Apache 2.2.12
- From: Tobias Barth <tobias.barth@web-arts.com>
- Date: Tue, 20 Oct 2009 09:42:05 +0200
- Message-id: <20091020074205.14435.23999.reportbug@dragan.web-arts.int>
Package: apache2.2-common
Version: 2.2.9-10+lenny4
Severity: normal
see http://httpd.apache.org/security/vulnerabilities_22.html - there is a
mod_proxy DOS attack vulnerability that should be fixed in some of the next
revisions of the apache2 Debian packages
-- Package-specific info:
List of enabled modules from 'apache2 -M':
alias auth_basic authn_file authz_default authz_groupfile
authz_host authz_user autoindex cgi dir env mime negotiation perl
php5 proxy_connect proxy_http proxy python security2 setenvif
status unique_id
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.2.9-10+lenny4 Apache HTTP Server - traditional n
apache2 recommends no packages.
apache2 suggests no packages.
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.9-10+lenny4 utility programs for webservers
ii libapr1 1.2.12-5+lenny1 The Apache Portable Runtime Librar
ii libaprutil1 1.2.12+dfsg-8+lenny4 The Apache Portable Runtime Utilit
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libmagic1 4.26-1 File type determination library us
ii libssl0.9.8 0.9.8g-15+lenny5 SSL shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-22 The NET-3 networking toolkit
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
ii procps 1:3.2.7-11 /proc file system utilities
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
-- no debconf information
--- End Message ---
--- Begin Message ---
- To: 551727-done@bugs.debian.org
- Subject: Re: Bug#551727: apache2: CVE-2009-1890 - backport patch from Apache 2.2.12
- From: Stefan Fritsch <sf@sfritsch.de>
- Date: Sun, 1 Nov 2009 19:05:06 +0100
- Message-id: <200911011905.06467.sf@sfritsch.de>
- In-reply-to: <200910201847.50598.sf@sfritsch.de>
- References: <20091020074205.14435.23999.reportbug@dragan.web-arts.int> <200910201847.50598.sf@sfritsch.de>
On Tuesday 20 October 2009, Stefan Fritsch wrote:
> > see http://httpd.apache.org/security/vulnerabilities_22.html -
> > there is a mod_proxy DOS attack vulnerability that should be
> > fixed in some of the next revisions of the apache2 Debian
> > packages
>
> These are not very severe issues and will be fixed in
> 2.2.9-10+lenny5 in the next stable point release. Packages are
> already available in stable-proposed-updates for most
> architectures.
>
Oops, I confused that with CVE-2009-3094 (mod_proxy_ftp DoS).
CVE-2009-1890 is already fixed in 2.2.9-10+lenny4.
--- End Message ---