Your message dated Wed, 17 Aug 2005 03:02:12 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#323433: fixed in mod-vhost-ldap 0.2.3-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Aug 2005 18:30:43 +0000
>From [EMAIL PROTECTED] Tue Aug 16 11:30:43 2005
Return-path: <[EMAIL PROTECTED]>
Received: from nautilus.neoisis.net [194.100.129.90] (Debian-exim)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E56Cx-00067X-00; Tue, 16 Aug 2005 11:30:43 -0700
Received: from fabbe by nautilus.neoisis.net with local (Exim 4.50)
id 1E56Ct-0000Tl-Si
for [EMAIL PROTECTED]; Tue, 16 Aug 2005 21:30:39 +0300
Content-Type: multipart/mixed; boundary="===============0572050212=="
MIME-Version: 1.0
From: Fabian Fagerholm <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mod-vhost-ldap: off-by-one error in minimum allowed uid/gid check
X-Mailer: reportbug 3.8
Date: Tue, 16 Aug 2005 21:30:39 +0300
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
This is a multi-part MIME message sent by reportbug.
--===============0572050212==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: mod-vhost-ldap
Version: 0.2.2-1
Severity: normal
I found what I think is an off-by-one error in mod-vhost-ldap: the
suExec minimum allowed uid and gid are actually the maximum disallowed
uid and gid.
The attached patch fixes this.
--===============0572050212==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="minuid.diff"
--- mod_vhost_ldap.c.orig 2005-08-16 21:14:56.441346768 +0300
+++ mod_vhost_ldap.c 2005-08-16 21:19:08.619009936 +0300
@@ -491,7 +491,7 @@
uid = (uid_t)atoll(req->uid);
gid = (gid_t)atoll(req->gid);
- if ((uid <= MIN_UID)||(gid <= MIN_GID)) {
+ if ((uid < MIN_UID)||(gid < MIN_GID)) {
return NULL;
}
--===============0572050212==--
---------------------------------------
Received: (at 323433-close) by bugs.debian.org; 17 Aug 2005 10:09:06 +0000
>From [EMAIL PROTECTED] Wed Aug 17 03:09:06 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1E5KkO-0002Ib-00; Wed, 17 Aug 2005 03:02:12 -0700
From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#323433: fixed in mod-vhost-ldap 0.2.3-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 17 Aug 2005 03:02:12 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: mod-vhost-ldap
Source-Version: 0.2.3-1
We believe that the bug you reported is fixed in the latest version of
mod-vhost-ldap, which is due to be installed in the Debian FTP archive:
libapache2-mod-vhost-ldap_0.2.3-1_i386.deb
to pool/main/m/mod-vhost-ldap/libapache2-mod-vhost-ldap_0.2.3-1_i386.deb
mod-vhost-ldap_0.2.3-1.diff.gz
to pool/main/m/mod-vhost-ldap/mod-vhost-ldap_0.2.3-1.diff.gz
mod-vhost-ldap_0.2.3-1.dsc
to pool/main/m/mod-vhost-ldap/mod-vhost-ldap_0.2.3-1.dsc
mod-vhost-ldap_0.2.3.orig.tar.gz
to pool/main/m/mod-vhost-ldap/mod-vhost-ldap_0.2.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
OndÅej Surý <[EMAIL PROTECTED]> (supplier of updated mod-vhost-ldap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 17 Aug 2005 11:40:55 +0200
Source: mod-vhost-ldap
Binary: libapache2-mod-vhost-ldap
Architecture: source i386
Version: 0.2.3-1
Distribution: unstable
Urgency: low
Maintainer: OndÅej Surý <[EMAIL PROTECTED]>
Changed-By: OndÅej Surý <[EMAIL PROTECTED]>
Description:
libapache2-mod-vhost-ldap - Apache 2 module for Virtual Hosting from LDAP
Closes: 323433 323437
Changes:
mod-vhost-ldap (0.2.3-1) unstable; urgency=low
.
* New upstream release.
* Fix off-by-one error in minimum UID/GID (Closes: #323433)
* Fix schema (yet again) (Closes: #323437)
Files:
fff0428834d1faca136ca0229ea55547 648 web optional mod-vhost-ldap_0.2.3-1.dsc
fcb4e7563422548d271762a8bbfea409 6997 web optional
mod-vhost-ldap_0.2.3.orig.tar.gz
d10301441e04c575adb8d782b1cc72ad 2306 web optional
mod-vhost-ldap_0.2.3-1.diff.gz
1595bd3b60f22c59a5e6e03544090b79 9342 web optional
libapache2-mod-vhost-ldap_0.2.3-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDAwfz9OZqfMIN8nMRAga5AKCvvdi6PF8TbN2Iqo5xGAxV7GzJ4wCgmJSi
tAPknVJVmPjuYy1/ULYbRR0=
=LzuL
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
