Bug#469930: marked as done (mod_vhost_ldap: LDAP query injection bug)

Thu, 10 Jun 2010 02:42:21 -0700 

Your message dated Thu, 10 Jun 2010 09:38:34 +0000
with message-id <[email protected]>
and subject line Bug#469930: fixed in mod-vhost-ldap 2.0.2-1
has caused the Debian Bug report #469930,
regarding mod_vhost_ldap: LDAP query injection bug
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
469930: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469930
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libapache2-mod-vhost-ldap
Version: 1.2.0-1
Tags: patch

mod_vhost_ldap should escape the incoming hostname before writing it
into an LDAP query string.  Here is a patch:

<http://anders.kaseorg.com/pub/patches/mod_vhost_ldap-escape.patch>

--- End Message ---
--- Begin Message --- 
Source: mod-vhost-ldap
Source-Version: 2.0.2-1

We believe that the bug you reported is fixed in the latest version of
mod-vhost-ldap, which is due to be installed in the Debian FTP archive:

libapache2-mod-vhost-ldap_2.0.2-1_amd64.deb
  to main/m/mod-vhost-ldap/libapache2-mod-vhost-ldap_2.0.2-1_amd64.deb
mod-vhost-ldap_2.0.2-1.debian.tar.gz
  to main/m/mod-vhost-ldap/mod-vhost-ldap_2.0.2-1.debian.tar.gz
mod-vhost-ldap_2.0.2-1.dsc
  to main/m/mod-vhost-ldap/mod-vhost-ldap_2.0.2-1.dsc
mod-vhost-ldap_2.0.2.orig.tar.gz
  to main/m/mod-vhost-ldap/mod-vhost-ldap_2.0.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <[email protected]> (supplier of updated mod-vhost-ldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 11:10:55 +0200
Source: mod-vhost-ldap
Binary: libapache2-mod-vhost-ldap
Architecture: source amd64
Version: 2.0.2-1
Distribution: unstable
Urgency: low
Maintainer: Ondřej Surý <[email protected]>
Changed-By: Ondřej Surý <[email protected]>
Description: 
 libapache2-mod-vhost-ldap - Apache 2 module for Virtual Hosting from LDAP
Closes: 450290 469930 470085 499981
Changes: 
 mod-vhost-ldap (2.0.2-1) unstable; urgency=low
 .
   * New upstream release
     + Fix LDAP query injection (courtesy of Anders Kaseorg)
       (Closes: #469930)
     + Add support for wildcard hostnames (courtesy of Anders Kaseorg)
       (Closes: #470085)
   * Update description (Closes: #499981)
   * Fix debian/watch file (Closes: #450290)
Checksums-Sha1: 
 72ed9b818343bf868f6dadb3cf40efd8acc7f2e1 1099 mod-vhost-ldap_2.0.2-1.dsc
 b3d66fc8d0b0e610def35efa4d5a8c076b7aa6c2 1966275 
mod-vhost-ldap_2.0.2.orig.tar.gz
 fb6b383553beb6d9cf68fd77bd001009da76e464 3631 
mod-vhost-ldap_2.0.2-1.debian.tar.gz
 c30441eb96a533b4eda50cbe428eee35ed8b7e7c 13232 
libapache2-mod-vhost-ldap_2.0.2-1_amd64.deb
Checksums-Sha256: 
 e0e43b3ee48548e8dc9893ae102807ffbe6c1d3aea9bf58687ce5fb9a197fb7e 1099 
mod-vhost-ldap_2.0.2-1.dsc
 2ed02976153b2b5fb9f72eb66f57ae6484f507f46e3eed5c094c1b72567ccddf 1966275 
mod-vhost-ldap_2.0.2.orig.tar.gz
 20c5e5c5014a55525428e31d7dfc6f845782465b59c8cbbe48870195dd1b59e7 3631 
mod-vhost-ldap_2.0.2-1.debian.tar.gz
 1780db5b40378d4b1fc7f48549c12b595c8d4f4509c855b4ccd02e6a370d70cb 13232 
libapache2-mod-vhost-ldap_2.0.2-1_amd64.deb
Files: 
 65c0f671e3c837babc83a0c83389b8c6 1099 web optional mod-vhost-ldap_2.0.2-1.dsc
 4ad40e4197f82e0ad3eac7f6be46c981 1966275 web optional 
mod-vhost-ldap_2.0.2.orig.tar.gz
 4b206cf69bc6988f128a098b7e111150 3631 web optional 
mod-vhost-ldap_2.0.2-1.debian.tar.gz
 294c2b1a51278276df37c190598a6871 13232 web optional 
libapache2-mod-vhost-ldap_2.0.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwQriYACgkQ9OZqfMIN8nPQlQCePS3Zr4MCZsdJx4tpERASvP/N
ticAnienuiUoM5nzkYDeTWDgyvb7gVrY
=+OWg
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to