Your message dated Sat, 30 Jan 2010 16:32:15 +0000
with message-id <[email protected]>
and subject line Bug#567635: fixed in libapache2-mod-perl2 2.0.4-6
has caused the Debian Bug report #567635,
regarding XSS in Status.pm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
567635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache2-mod-perl2
Severity: grave
Tags: security

Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
which contains links to the upstream commits.

This doesn't warrant a DSA, but it would be nice if you could fix this
in a stable point update for Lenny.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-perl2 depends on:
pn  apache2.2-common            <none>       (no description available)
ii  libapr1                     1.3.8-1      The Apache Portable Runtime Librar
ii  libaprutil1                 1.3.9+dfsg-3 The Apache Portable Runtime Utilit
ii  libc6                       2.10.2-5     Embedded GNU C Library: Shared lib
ii  libdevel-symdump-perl       2.08-2       Perl module for inspecting perl's 
ii  libperl5.10                 5.10.1-9     shared Perl library
ii  liburi-perl                 1.52-1       module to manipulate and access UR
ii  libuuid1                    2.16.2-0     Universally Unique ID library
ii  libwww-perl                 5.834-1      Perl HTTP/WWW client/server librar
ii  netbase                     4.40         Basic TCP/IP networking system
ii  perl [libmime-base64-perl]  5.10.1-9     Larry Wall's Practical Extraction 
ii  perl-base [perlapi-5.10.0]  5.10.1-9     minimal Perl system

Versions of packages libapache2-mod-perl2 recommends:
pn  libapache2-reload-perl        <none>     (no description available)
pn  libbsd-resource-perl          <none>     (no description available)

libapache2-mod-perl2 suggests no packages.



--- End Message ---
--- Begin Message ---
Source: libapache2-mod-perl2
Source-Version: 2.0.4-6

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-perl2, which is due to be installed in the Debian FTP archive:

libapache2-mod-perl2-dev_2.0.4-6_all.deb
  to main/liba/libapache2-mod-perl2/libapache2-mod-perl2-dev_2.0.4-6_all.deb
libapache2-mod-perl2-doc_2.0.4-6_all.deb
  to main/liba/libapache2-mod-perl2/libapache2-mod-perl2-doc_2.0.4-6_all.deb
libapache2-mod-perl2_2.0.4-6.diff.gz
  to main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-6.diff.gz
libapache2-mod-perl2_2.0.4-6.dsc
  to main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-6.dsc
libapache2-mod-perl2_2.0.4-6_amd64.deb
  to main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.4-6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated libapache2-mod-perl2 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 30 Jan 2010 18:00:43 +0200
Source: libapache2-mod-perl2
Binary: libapache2-mod-perl2 libapache2-mod-perl2-dev libapache2-mod-perl2-doc
Architecture: source all amd64
Version: 2.0.4-6
Distribution: unstable
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Description: 
 libapache2-mod-perl2 - Integration of perl with the Apache2 web server
 libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - 
development fil
 libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - 
documentation
Closes: 507606 567635
Changes: 
 libapache2-mod-perl2 (2.0.4-6) unstable; urgency=high
 .
   [ gregor herrmann ]
   * debian/control: Changed: (build-)depend on perl instead of perl-
     modules.
 .
   [ Dario Minnucci ]
   * docs/index_top.html: Issued patch 099-fix-url-on-index_top.patch
     to fix link URL. (Closes: #507606)
 .
   [ Damyan Ivanov ]
   * add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
     Patch taken from r760926 of upstream SVN.
     Closes: #567635
   * .docs: drop debian/NEWS.Debian and Changes
   * -doc: depend on ${misc:Depends}
   * drop debian/NEWS (documents changes before oldstable)
Checksums-Sha1: 
 d5765b9bef8f187454f91cb45dc3d35d80801dd2 1837 libapache2-mod-perl2_2.0.4-6.dsc
 9db0d78a4292f6f555c9eac3b1af61cc5df998e3 12163 
libapache2-mod-perl2_2.0.4-6.diff.gz
 daa63085d10c5f34961aabaf5beac849a2338e5e 79520 
libapache2-mod-perl2-dev_2.0.4-6_all.deb
 9ad489267896dbbc922ea4a37c5e8625a4d03663 3130586 
libapache2-mod-perl2-doc_2.0.4-6_all.deb
 1432b8c1eb464bf51ff17b63548ab508cab705d8 1112316 
libapache2-mod-perl2_2.0.4-6_amd64.deb
Checksums-Sha256: 
 198990d8d20eae6618abbf9841fa4998b6a4a4da13f6ccd667c697539bfa2b44 1837 
libapache2-mod-perl2_2.0.4-6.dsc
 9fd7783fa83eb434d18a4a251bb6e53b482d447d5c1333bb2edf271e9c2b96d4 12163 
libapache2-mod-perl2_2.0.4-6.diff.gz
 bfdd9e2614eef845cec48f35ce92fcfbef8d38ad2cb24fbee218c434fda26c6e 79520 
libapache2-mod-perl2-dev_2.0.4-6_all.deb
 ad664471a8e0345040dea1482fb4c58702c5f3f0b1da63a7c85179658756d7a6 3130586 
libapache2-mod-perl2-doc_2.0.4-6_all.deb
 7a4141bef1f8d96d8a672f2b8e2e258473f72d166b3aa275732a014171f0599a 1112316 
libapache2-mod-perl2_2.0.4-6_amd64.deb
Files: 
 6cec6d503726729974bf85f77931534b 1837 perl optional 
libapache2-mod-perl2_2.0.4-6.dsc
 c22139aa4ba40ece6fe19268e708ed30 12163 perl optional 
libapache2-mod-perl2_2.0.4-6.diff.gz
 8356acd60c4849b7f2e3e3ec13700ff9 79520 libdevel optional 
libapache2-mod-perl2-dev_2.0.4-6_all.deb
 b41502ec807955e86fa5a36050147863 3130586 doc optional 
libapache2-mod-perl2-doc_2.0.4-6_all.deb
 b0a32ea07e8a2d68062c9451d5354141 1112316 perl optional 
libapache2-mod-perl2_2.0.4-6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktkXOYACgkQHqjlqpcl9jvdWACgrRgw5Z7mUDKiwmkYieL7fIxt
+XYAn0/uOQsBAoIihhqr4oxQpa4XaWQp
=Mdn8
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to