
Bug#509789: marked as done (thttpd: cgi-bin /cgi-bin/cgi-prog/path/to-pass reports file outside document tree)



Your message dated Wed, 26 Aug 2009 04:17:37 +0000
with message-id <E1Mg9x3-0001dg-AG@ries.debian.org>
and subject line Bug#164306: fixed in thttpd 2.25b-8
has caused the Debian Bug report #164306,
regarding thttpd: cgi-bin /cgi-bin/cgi-prog/path/to-pass reports file outside document tree
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
164306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=164306
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: thttpd
Severity: normal


Some cgi-bin programs (like dwww) have paths passed to themselves by being called with the form /cgi-bin/cgi-prog/path/to/pass where /cgi-bin/cgi-prog is the actual cgi-bin and /path/to/pass is an additional path to pass. With thttpd this does not work and thttpd reports that the file is outside the permitted web server directory, probably because there is no file /cgi-bin/cgi-prog/path/to/pass.

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages thttpd depends on:
ii  libc6                         2.7-16     GNU C Library: Shared libraries
ii  logrotate                     3.7.1-5    Log rotation utility

thttpd recommends no packages.

Versions of packages thttpd suggests:
pn  thttpd-util                   <none>     (no description available)



--- End Message ---
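The request form described in the report corresponds to the CGI/1.1 split between SCRIPT_NAME and PATH_INFO. The following is an added example, not thttpd's code and not the Debian patch: it resolves the longest existing path prefix as the script and hands the remainder over as extra path, refusing `..` components first so the containment check is never bypassed. The function names and the in-memory file table are assumptions made for illustration; a real server would stat() each candidate under its document root.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the document tree (assumption for this example). */
static const char *const existing_files[] = { "/cgi-bin/cgi-prog", "/index.html" };

static int file_exists(const char *p) {
    for (size_t i = 0; i < sizeof existing_files / sizeof *existing_files; i++)
        if (strcmp(p, existing_files[i]) == 0) return 1;
    return 0;
}

/* Return 1 if any path component is exactly "..". */
static int has_dotdot(const char *p) {
    while (*p) {
        while (*p == '/') p++;
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += n;
    }
    return 0;
}

/* Split url into script (longest existing prefix that ends on a '/'
 * boundary) and pathinfo (the rest). Returns 0 on success, -1 if no
 * prefix exists or the request is rejected. */
int split_path_info(const char *url, char *script, size_t slen,
                    char *pathinfo, size_t plen) {
    size_t len = strlen(url);
    if (url[0] != '/' || len >= slen || has_dotdot(url)) return -1;
    for (size_t cut = len; cut > 0; cut--) {
        if (cut != len && url[cut] != '/') continue; /* component boundaries only */
        memcpy(script, url, cut);
        script[cut] = '\0';
        if (!file_exists(script)) continue;
        if (len - cut >= plen) return -1;
        strcpy(pathinfo, url + cut);                  /* may be the empty string */
        return 0;
    }
    return -1;
}

int main(void) {
    char s[64], p[64];
    if (split_path_info("/cgi-bin/cgi-prog/path/to/pass", s, sizeof s, p, sizeof p) == 0)
        printf("SCRIPT_NAME=%s PATH_INFO=%s\n", s, p);
    return 0;
}
```
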
--- Begin Message ---
Source: thttpd
Source-Version: 2.25b-8

We believe that the bug you reported is fixed in the latest version of
thttpd, which is due to be installed in the Debian FTP archive:

thttpd-util_2.25b-8_i386.deb
  to pool/main/t/thttpd/thttpd-util_2.25b-8_i386.deb
thttpd_2.25b-8.diff.gz
  to pool/main/t/thttpd/thttpd_2.25b-8.diff.gz
thttpd_2.25b-8.dsc
  to pool/main/t/thttpd/thttpd_2.25b-8.dsc
thttpd_2.25b-8_i386.deb
  to pool/main/t/thttpd/thttpd_2.25b-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 164306@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <ben@decadent.org.uk> (supplier of updated thttpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Wed, 26 Aug 2009 03:54:25 +0100
Source: thttpd
Binary: thttpd thttpd-util
Architecture: source i386
Version: 2.25b-8
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description: 
 thttpd     - tiny/turbo/throttling HTTP server
 thttpd-util - tiny/turbo/throttling HTTP server (utilities)
Closes: 164306 421750 448524 485003 543602
Changes: 
 thttpd (2.25b-8) unstable; urgency=low
 .
   * QA upload
   * Change init script start, stop, restart actions to behave reasonably
     regardless of the daemon's current state (Closes: #448524)
   * Re-enable patches accidentally disabled in 2.25b-5
     (Closes: #164306, #421750, #485003, #543602)
   * Stop creating directory /var/www/users
   * Add README.source referring to dpatch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKlKV679ZNCRIGYgcRA+fuAKDlcB4jIBV+O8on3YUI9hbE56+4JACgjIHG
pY6rEHgZDdijzLrFOcg+aZA=
=WeId
-----END PGP SIGNATURE-----



--- End Message ---
