Your message dated Sat, 13 Aug 2016 10:17:14 +0000
with message-id <[email protected]>
and subject line Bug#832433: fixed in yaws 1.98-4+deb8u1
has caused the Debian Bug report #832433,
regarding CVE-2016-1000108
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
832433: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832433
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: yaws
Severity: normal
Tags: security

http://seclists.org/oss-sec/2016/q3/95 claims that yaws sets
HTTP_PROXY based on a passed Proxy: header. I don't see any
evidence for that in the source, but maybe I'm missing something?

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: yaws
Source-Version: 1.98-4+deb8u1

We believe that the bug you reported is fixed in the latest version of
yaws, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <[email protected]> (supplier of updated yaws package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 Jul 2016 07:47:24 +0300
Source: yaws
Binary: yaws erlang-yaws yaws-doc yaws-chat yaws-mail yaws-wiki yaws-yapp
Architecture: source all amd64
Version: 1.98-4+deb8u1
Distribution: jessie
Urgency: low
Maintainer: Debian Erlang Packagers <[email protected]>
Changed-By: Sergei Golovan <[email protected]>
Description:
 erlang-yaws - Erlang application which implements HTTP webserver
 yaws       - High performance HTTP 1.1 webserver written in Erlang
 yaws-chat  - Chat application for Yaws web server
 yaws-doc   - Documentation and examples for Yaws web server
 yaws-mail  - Webmail application for Yaws web server
 yaws-wiki  - Wiki application for Yaws web server
 yaws-yapp  - Provides an easy way to deploy applications for Yaws web server
Closes: 832433
Changes:
 yaws (1.98-4+deb8u1) jessie; urgency=low
 .
   * Applied a patch from upstream to fix CVE-2016-1000108 (passing HTTP_PROXY
     to CGI scripts). Closes: #832433.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
