
Bug#693292: marked as done (apache2.2-bin: False positives with mod_log_forensic and check_forensic)



Your message dated Mon, 04 Mar 2013 21:49:02 +0000
with message-id <E1UCdFm-0005Vt-UE@franck.debian.org>
and subject line Bug#693292: fixed in apache2 2.2.22-13
has caused the Debian Bug report #693292,
regarding apache2.2-bin: False positives with mod_log_forensic and check_forensic
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
693292: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693292
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2.2-bin
Version: 2.2.16-6+squeeze8
Severity: normal

Since update 2.2.16-6+squeeze8 check_forensic reports many more failed
requests than before. Most of them are false positives. I think this is
caused by mod_log_forensic throwing in some additional '-' from
time to time.

For instance:
Check_forensic reports:

#check_forensic /var/log/apache2/forensic.log
+20773:50a49a18:8063|GET RequestDetailsRemoved
[...]

If I check this with grep I get:
#grep '20773:50a49a18:8063' /var/log/apache2/forensic.log
+20773:50a49a18:8063|GET RequestDetailsRemoved
--20773:50a49a18:8063


-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-bin depends on:
ii  libapr1                1.4.2-6+squeeze4  The Apache Portable Runtime Librar
ii  libaprutil1            1.3.9+dfsg-5      The Apache Portable Runtime Utilit
ii  libaprutil1-dbd-sqlite 1.3.9+dfsg-5      The Apache Portable Runtime Utilit
ii  libaprutil1-ldap       1.3.9+dfsg-5      The Apache Portable Runtime Utilit
ii  libc6                  2.11.3-4          Embedded GNU C Library: Shared lib
ii  libcap2                1:2.19-3          support for getting/setting POSIX.
ii  libldap-2.4-2          2.4.23-7.2        OpenLDAP libraries
ii  libpcre3               8.02-1.1          Perl 5 Compatible Regular Expressi
ii  libssl0.9.8            0.9.8o-4squeeze13 SSL shared libraries
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

apache2.2-bin recommends no packages.

apache2.2-bin suggests no packages.

-- no debconf information

--- End Message ---
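
Added example (not part of the original report, nor Apache or Debian code): a shell/awk triage that pairs '+' and '-' entries in a forensic log and separates requests whose only completion entry carries extra leading '-' characters, as in the grep output above, from requests with no completion entry at all. The function names and the sample log are constructed here, and the script assumes forensic IDs never begin with '-'.

```shell
#!/bin/sh
# Triage a mod_log_forensic log: '+<id>|<request>' marks a request start,
# '-<id>' marks its completion. Prints "<status> <id>" per started request:
#   complete       exactly one leading '-' on the completion entry
#   spurious-dash  completion entry exists but has extra leading '-'
#   unfinished     no completion entry at all (worth investigating)
# Assumption: forensic IDs never begin with '-'.
classify_forensic() {
    awk '
        /^\+/ {
            id = substr($0, 2)
            bar = index(id, "|")              # ID ends at the first "|"
            if (bar) id = substr(id, 1, bar - 1)
            if (!(id in state)) order[++n] = id
            state[id] = "unfinished"
            next
        }
        /^-/ {
            id = $0; dashes = 0
            while (substr(id, 1, 1) == "-") { id = substr(id, 2); dashes++ }
            # never downgrade an ID that already has a clean completion
            if ((id in state) && state[id] != "complete")
                state[id] = (dashes == 1) ? "complete" : "spurious-dash"
            next
        }
        END { for (i = 1; i <= n; i++) print state[order[i]], order[i] }
    ' "$@"
}

# Constructed sample log. Only the middle ID is taken from the report;
# the other two IDs are made up for illustration.
sample_log() {
    cat <<'EOF'
+20770:50a49a10:1|GET RequestDetailsRemoved
-20770:50a49a10:1
+20773:50a49a18:8063|GET RequestDetailsRemoved
--20773:50a49a18:8063
+20775:50a49a20:2|GET RequestDetailsRemoved
EOF
}

sample_log | classify_forensic
```

On a real system, pass the log path as an argument, e.g. classify_forensic /var/log/apache2/forensic.log, and review only the "unfinished" entries.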
--- Begin Message ---
Source: apache2
Source-Version: 2.2.22-13

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 693292@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 04 Mar 2013 22:21:05 +0100
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source i386 all
Version: 2.2.22-13
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 693292 693299
Changes: 
 apache2 (2.2.22-13) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Urgency medium for security fixes.
   * CVE-2013-1048: Fix symlink vulnerability when creating /var/lock/apache2
   * CVE-2012-3499, CVE-2012-4558: Fix XSS flaws in various modules.
   * mod_log_forensic: Fix spurious '-' characters being logged, causing
     false positives. Closes: #693292
 .
   [ Arno Töll ]
   * Document APACHE_ARGUMENTS in envvars (Closes: #693299)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRNRPgbxelr8HyTqQRAtG7AKChLbjwBfQMpKggPVequqfv8CvUsgCggBPk
Fr/WkCfpn05zPQkZ17Moh9U=
=iU6l
-----END PGP SIGNATURE-----

--- End Message ---
