Bug#347416: marked as done (libapache-auth-ldap: Multiple Format Strings Vulnerability)

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Debian QA Group <packages@qa.debian.org>
Subject: Bug#347416: marked as done (libapache-auth-ldap: Multiple Format Strings Vulnerability)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 26 Jan 2006 01:48:13 -0800
Message-id: <[🔎] handler.347416.D347416.113826817010407.ackdone@bugs.debian.org>
In-reply-to: <20060126093607.GB20273@inutil.org>
References: <20060126093607.GB20273@inutil.org> <[🔎] 20060110152531.54803125D6B@mail.spacemetric.se>

Your message dated Thu, 26 Jan 2006 10:36:07 +0100
with message-id <20060126093607.GB20273@inutil.org>
and subject line Fixed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Jan 2006 15:26:05 +0000
>From owe@spacemetric.com Tue Jan 10 07:26:05 2006
Return-path: <owe@spacemetric.com>
Received: from inner-gw.spacemetric.se ([213.204.186.242] helo=mail.spacemetric.se)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1EwLNt-00065I-4x
	for submit@bugs.debian.org; Tue, 10 Jan 2006 07:26:05 -0800
Received: from localhost (localhost [127.0.0.1])
	by mail.spacemetric.se (Postfix) with ESMTP id C2510126046
	for <submit@bugs.debian.org>; Tue, 10 Jan 2006 16:25:32 +0100 (MET)
Received: from mail.spacemetric.se ([127.0.0.1])
	by localhost (flygfisk [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 17234-02 for <submit@bugs.debian.org>;
	Tue, 10 Jan 2006 16:25:31 +0100 (MET)
Received: by mail.spacemetric.se (Postfix, from userid 1000)
	id 54803125D6B; Tue, 10 Jan 2006 16:25:31 +0100 (MET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ola Westin <owe@spacemetric.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libapache-auth-ldap: Multiple Format Strings Vulnerability
X-Mailer: reportbug 3.8
Date: Tue, 10 Jan 2006 16:25:31 +0100
Message-Id: <[🔎] 20060110152531.54803125D6B@mail.spacemetric.se>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at spacemetric.se
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: libapache-auth-ldap
Version: 1.6.0-8
Severity: grave
Tags: security
Justification: user security hole


auth_ldap version 1.6.0 contains a remote security vulnerability.
See http://www.digitalarmaments.com/2006090173928420.html for details.
A fixed version (1.6.1) is available at http://www.rudedog.org/auth_ldap/.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libapache-auth-ldap depends on:
ii  apache-common             1.3.33-6sarge1 support files for all Apache webse
ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  libldap2                  2.1.30-8       OpenLDAP libraries

-- no debconf information

---------------------------------------
Received: (at 347416-done) by bugs.debian.org; 26 Jan 2006 09:36:10 +0000
>From jmm@inutil.org Thu Jan 26 01:36:10 2006
Return-path: <jmm@inutil.org>
Received: from inutil.org ([193.22.164.111] helo=vserver151.vserver151.serverflex.de)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1F23Y2-0002gD-Gi
	for 347416-done@bugs.debian.org; Thu, 26 Jan 2006 01:36:10 -0800
Received: from jmm by vserver151.vserver151.serverflex.de with local (Exim 4.50)
	id 1F23Xz-00065c-Fn
	for 347416-done@bugs.debian.org; Thu, 26 Jan 2006 10:36:07 +0100
Date: Thu, 26 Jan 2006 10:36:07 +0100
To: 347416-done@bugs.debian.org
Subject: Fixed
Message-ID: <20060126093607.GB20273@inutil.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
From: Moritz Muehlenhoff <jmm@inutil.org>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

This was fixed in DSA-952 for Sarge and Woody, Etch and sid do not
contain this package any longer.

Reply to:

References:
- Bug#347416: libapache-auth-ldap: Multiple Format Strings Vulnerability
  - From: Ola Westin <owe@spacemetric.com>

Prev by Date: Bug#230299: teg: Error, unexpected error in reagrupe_click().
Next by Date: Bug#322876: Thanks for the patch!
Previous by thread: Bug#347416: libapache-auth-ldap: Multiple Format Strings Vulnerability
Next by thread: Bug#304700: marked as done (elvis: Visual { and } commands behaving incorrectly relative to documentation)
Index(es):
- Date
- Thread