Your message dated Sat, 30 Jan 2010 16:32:15 +0000
with message-id <[email protected]>
and subject line Bug#567635: fixed in libapache2-mod-perl2 2.0.4-6
has caused the Debian Bug report #567635,
regarding XSS in Status.pm
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
567635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache2-mod-perl2
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
which contains links to the upstream commits.
This doesn't warrant a DSA, but it would be nice if you could fix this
in a stable point update for Lenny.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages libapache2-mod-perl2 depends on:
pn apache2.2-common <none> (no description available)
ii libapr1 1.3.8-1 The Apache Portable Runtime Librar
ii libaprutil1 1.3.9+dfsg-3 The Apache Portable Runtime Utilit
ii libc6 2.10.2-5 Embedded GNU C Library: Shared lib
ii libdevel-symdump-perl 2.08-2 Perl module for inspecting perl's
ii libperl5.10 5.10.1-9 shared Perl library
ii liburi-perl 1.52-1 module to manipulate and access UR
ii libuuid1 2.16.2-0 Universally Unique ID library
ii libwww-perl 5.834-1 Perl HTTP/WWW client/server librar
ii netbase 4.40 Basic TCP/IP networking system
ii perl [libmime-base64-perl] 5.10.1-9 Larry Wall's Practical Extraction
ii perl-base [perlapi-5.10.0] 5.10.1-9 minimal Perl system
Versions of packages libapache2-mod-perl2 recommends:
pn libapache2-reload-perl <none> (no description available)
pn libbsd-resource-perl <none> (no description available)
libapache2-mod-perl2 suggests no packages.
--- End Message ---
--- Begin Message ---
Source: libapache2-mod-perl2
Source-Version: 2.0.4-6
We believe that the bug you reported is fixed in the latest version of
libapache2-mod-perl2, which is due to be installed in the Debian FTP archive:
libapache2-mod-perl2-dev_2.0.4-6_all.deb
to main/liba/libapache2-mod-perl2/libapache2-mod-perl2-dev_2.0.4-6_all.deb
libapache2-mod-perl2-doc_2.0.4-6_all.deb
to main/liba/libapache2-mod-perl2/libapache2-mod-perl2-doc_2.0.4-6_all.deb
libapache2-mod-perl2_2.0.4-6.diff.gz
to main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-6.diff.gz
libapache2-mod-perl2_2.0.4-6.dsc
to main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-6.dsc
libapache2-mod-perl2_2.0.4-6_amd64.deb
to main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-6_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated libapache2-mod-perl2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 30 Jan 2010 18:00:43 +0200
Source: libapache2-mod-perl2
Binary: libapache2-mod-perl2 libapache2-mod-perl2-dev libapache2-mod-perl2-doc
Architecture: source all amd64
Version: 2.0.4-6
Distribution: unstable
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Description:
libapache2-mod-perl2 - Integration of perl with the Apache2 web server
libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server -
development fil
libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server -
documentation
Closes: 507606 567635
Changes:
libapache2-mod-perl2 (2.0.4-6) unstable; urgency=high
.
[ gregor herrmann ]
* debian/control: Changed: (build-)depend on perl instead of perl-
modules.
.
[ Dario Minnucci ]
* docs/index_top.html: Issued patch 099-fix-url-on-index_top.patch
to fix link URL. (Closes: #507606)
.
[ Damyan Ivanov ]
* add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
Patch taken from r760926 of upstream SVN.
Closes: #567635
* .docs: drop debian/NEWS.Debian and Changes
* -doc: depend on ${misc:Depends}
* drop debian/NEWS (documents changes before oldstable)
Checksums-Sha1:
d5765b9bef8f187454f91cb45dc3d35d80801dd2 1837 libapache2-mod-perl2_2.0.4-6.dsc
9db0d78a4292f6f555c9eac3b1af61cc5df998e3 12163
libapache2-mod-perl2_2.0.4-6.diff.gz
daa63085d10c5f34961aabaf5beac849a2338e5e 79520
libapache2-mod-perl2-dev_2.0.4-6_all.deb
9ad489267896dbbc922ea4a37c5e8625a4d03663 3130586
libapache2-mod-perl2-doc_2.0.4-6_all.deb
1432b8c1eb464bf51ff17b63548ab508cab705d8 1112316
libapache2-mod-perl2_2.0.4-6_amd64.deb
Checksums-Sha256:
198990d8d20eae6618abbf9841fa4998b6a4a4da13f6ccd667c697539bfa2b44 1837
libapache2-mod-perl2_2.0.4-6.dsc
9fd7783fa83eb434d18a4a251bb6e53b482d447d5c1333bb2edf271e9c2b96d4 12163
libapache2-mod-perl2_2.0.4-6.diff.gz
bfdd9e2614eef845cec48f35ce92fcfbef8d38ad2cb24fbee218c434fda26c6e 79520
libapache2-mod-perl2-dev_2.0.4-6_all.deb
ad664471a8e0345040dea1482fb4c58702c5f3f0b1da63a7c85179658756d7a6 3130586
libapache2-mod-perl2-doc_2.0.4-6_all.deb
7a4141bef1f8d96d8a672f2b8e2e258473f72d166b3aa275732a014171f0599a 1112316
libapache2-mod-perl2_2.0.4-6_amd64.deb
Files:
6cec6d503726729974bf85f77931534b 1837 perl optional
libapache2-mod-perl2_2.0.4-6.dsc
c22139aa4ba40ece6fe19268e708ed30 12163 perl optional
libapache2-mod-perl2_2.0.4-6.diff.gz
8356acd60c4849b7f2e3e3ec13700ff9 79520 libdevel optional
libapache2-mod-perl2-dev_2.0.4-6_all.deb
b41502ec807955e86fa5a36050147863 3130586 doc optional
libapache2-mod-perl2-doc_2.0.4-6_all.deb
b0a32ea07e8a2d68062c9451d5354141 1112316 perl optional
libapache2-mod-perl2_2.0.4-6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktkXOYACgkQHqjlqpcl9jvdWACgrRgw5Z7mUDKiwmkYieL7fIxt
+XYAn0/uOQsBAoIihhqr4oxQpa4XaWQp
=Mdn8
-----END PGP SIGNATURE-----
--- End Message ---