
Bug#780398: marked as done (weak/insecure diffie-hellman parameters)



Your message dated Tue, 04 Aug 2015 21:17:33 +0000
with message-id <E1ZMjaX-0007Fd-Py@franck.debian.org>
and subject line Bug#780398: fixed in apache2 2.2.22-13+deb7u5
has caused the Debian Bug report #780398,
regarding weak/insecure diffie-hellman parameters
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
780398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780398
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.2.22-13+deb7u4

Hi!

As Wheezy will be around for some more time (and squeeze-lts might also be
interested in getting a little extra security), would you please consider
backporting the DHE parameter size feature of Apache 2.4 to Apache 2.2 as
you did with EC support?

Thanks & all the best,
	Adi Kriegisch

PS: If you need more information and/or reasoning, please let me know!



--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.2.22-13+deb7u5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780398@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 01 Aug 2015 22:08:57 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source amd64 all
Version: 2.2.22-13+deb7u5
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 780398
Changes: 
 apache2 (2.2.22-13+deb7u5) wheezy-security; urgency=medium
 .
   * CVE-2015-3183: Fix request smuggling via chunked transfer encoding.
     Backported by Marc Deslauriers.
   * Don't limit default DH parameters to 1024 bits. Closes: #780398
     This may cause problems with some Java based clients. A work-around is to
     configure these clients not to use DHE key exchange but use ECDHE or RSA
     instead.
     A server-side work-around that limits the DH parameters to 1024 bits for
     all clients is described at
     http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh .
   * Backport support for adding DH parameters to the SSLCertificateFile.


--- End Message ---
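
The changelog above backports support for placing DH parameters in the SSLCertificateFile and stops limiting the default parameters to 1024 bits. The following added example (not code from Debian or the Apache project) audits such a file by decoding each `DH PARAMETERS` PEM block and reporting the size of the prime; the 2048-bit threshold, the function names and the sample inputs are assumptions made for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(der_bytes):
    """Size of p in PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    tag, seq, _ = read_tlv(der_bytes)
    ptag, prime, _ = read_tlv(seq)
    if tag != 0x30 or ptag != 0x02:
        raise ValueError("not a DHParameter structure")
    return int.from_bytes(prime, "big").bit_length()

def audit_cert_file(pem_text, min_bits=2048):
    """List (bits, acceptable) per DH PARAMETERS block; min_bits is an assumed policy."""
    found = []
    for label, body in PEM_RE.findall(pem_text):
        if label == "DH PARAMETERS":
            bits = dh_prime_bits(base64.b64decode("".join(body.split())))
            found.append((bits, bits >= min_bits))
    return found

def der(tag, value):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + value

def sample_dh_pem(bits):
    """Constructed input: p is only an odd number of the right size, not a usable prime."""
    ints = [(1 << (bits - 1)) | 1, 2]
    body = b"".join(der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    b64 = base64.encodebytes(der(0x30, body)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

# Constructed stand-in for the certificate part of an SSLCertificateFile (never parsed).
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, audit_cert_file(SAMPLE_CERT + sample_dh_pem(bits)))
```

An empty result means the file carries no DH parameters of its own, so the server's built-in defaults apply.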
