
Bug#150574: marked as done (apache: SECUIRITY Apache 1.3.24-3 (Testing) contains chunk encoding buffer overflow)



Your message dated Thu, 20 Jun 2002 20:32:30 +0100
with message-id <20020620203230.E9435@parcelfarce.linux.theplanet.co.uk>
and subject line Bug#150574: apache: SECUIRITY Apache 1.3.24-3 (Testing) contains chunk encoding buffer overflow
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Jun 2002 18:51:03 +0000
>From tburnus@physik.fu-berlin.de Thu Jun 20 13:51:03 2002
Return-path: <tburnus@physik.fu-berlin.de>
Received: from down.physik.fu-berlin.de [160.45.34.6] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17L71K-0002ki-00; Thu, 20 Jun 2002 13:51:02 -0500
Received: from w4.physik.fu-berlin.de (w4.physik.fu-berlin.de [160.45.33.4])
	by down.physik.fu-berlin.de (8.9.3/8.9.1) with ESMTP id UAA1368742;
	Thu, 20 Jun 2002 20:50:59 +0200 (CEST)
Received: from tburnus by w4.physik.fu-berlin.de with local (Exim 3.35 #1 (Debian))
	id 17L71V-0003yO-00; Thu, 20 Jun 2002 20:51:13 +0200
From: Tobias Burnus <tobias.burnus@physik.fu-berlin.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache: SECUIRITY Apache 1.3.24-3 (Testing) contains chunk encoding buffer overflow
X-Mailer: reportbug 1.50
Date: Thu, 20 Jun 2002 20:51:13 +0200
Message-Id: <E17L71V-0003yO-00@w4.physik.fu-berlin.de>
Sender: Tobias Burnus <tburnus@w4.physik.fu-berlin.de>
Delivered-To: submit@bugs.debian.org

Package: apache
Version: 1.3.24-3.1
Severity: grave
Tags: security
Justification: user security hole

Debian has provided a security patch for Potato but not for Woody/Sid.
See http://www.debian.org/security/2002/dsa-131

CERT of University Stuttgart has released an updated version
based on Debian's Woody apache which fixes this bug:
http://cert.uni-stuttgart.de/files/fw/debian/apache/

Please fix this in Woody.

Tobias

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux w4 2.4.18-zedv-pentium4 #1 Mon Apr 22 20:14:41 CEST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages apache depends on:
ii  apache-common                1.3.24-3.1  Support files for all Apache webse
ii  dpkg                         1.9.20      Package maintenance system for Deb
ii  libc6                        2.2.5-4     GNU C Library: Shared libraries an
ii  libdb2                       2:2.7.7.0-7 The Berkeley database routines (ru
ii  libexpat1                    1.95.2-6    XML parsing C library - runtime li
ii  logrotate                    3.5.9-7     Log rotation utility
ii  mime-support                 3.18-1      MIME files 'mime.types' & 'mailcap
ii  perl                         5.6.1-7     Larry Wall's Practical Extraction 
ii  perl [perl5]                 5.6.1-7     Larry Wall's Practical Extraction 


---------------------------------------
Received: (at 150574-done) by bugs.debian.org; 20 Jun 2002 19:32:31 +0000
>From willy@www.linux.org.uk Thu Jun 20 14:32:31 2002
Return-path: <willy@www.linux.org.uk>
Received: from parcelfarce.linux.theplanet.co.uk (www.linux.org.uk) [195.92.249.252] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17L7fT-0006u3-00; Thu, 20 Jun 2002 14:32:31 -0500
Received: from willy by www.linux.org.uk with local (Exim 3.33 #5)
	id 17L7fS-0000tC-00; Thu, 20 Jun 2002 20:32:30 +0100
Date: Thu, 20 Jun 2002 20:32:30 +0100
From: Matthew Wilcox <willy@debian.org>
To: Tobias Burnus <tobias.burnus@physik.fu-berlin.de>,
	150574-done@bugs.debian.org
Cc: debian-devel@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Bug#150574: apache: SECUIRITY Apache 1.3.24-3 (Testing) contains chunk encoding buffer overflow
Message-ID: <20020620203230.E9435@parcelfarce.linux.theplanet.co.uk>
Reply-To: debian-devel@lists.debian.org
References: <E17L71V-0003yO-00@w4.physik.fu-berlin.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <E17L71V-0003yO-00@w4.physik.fu-berlin.de>; from tobias.burnus@physik.fu-berlin.de on Thu, Jun 20, 2002 at 08:51:13PM +0200
Sender:  <willy@www.linux.org.uk>
Delivered-To: 150574-done@bugs.debian.org

On Thu, Jun 20, 2002 at 08:51:13PM +0200, Tobias Burnus wrote:
> Debian has provided a security patch for Potato but not for Woody/Sid.
> See http://www.debian.org/security/2002/dsa-131

Debian does not provide security updates for testing or for unstable.
Apache 1.3.26-1 went into sid today.  Packages for woody have
been uploaded into the new testing-security system.  Since I
have no idea how long that's going to take to be visible to users,
http://satie.debian.org/~willy/ provides packages for those who have
foolishly upgraded to a distribution which does not yet provide security
releases.

I'm going to cc debian-devel & debian-user with this so that hopefully
more people get to see this and STOP FILING BUGS ABOUT THIS.  I have
already noticed there's a security problem, believe it or not.

-- 
Revolutions do not require corporate support.

