Your message dated Sun, 7 Aug 2022 09:49:01 +0200
with message-id <[email protected]>
and subject line Re: Accepted mod-wsgi 4.9.0-1.1 (source) into unstable
has caused the Debian Bug report #1016476,
regarding mod-wsgi: CVE-2022-2255: Trusted Proxy Headers Removing Bypass
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1016476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016476
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mod-wsgi
Version: 4.9.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for mod-wsgi.

CVE-2022-2255[0]:
| Trusted Proxy Headers Removing Bypass

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2255
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2255
[1] https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mod-wsgi
Source-Version: 4.9.0-1.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Jul 2022 23:03:02 +0200
Source: mod-wsgi
Architecture: source
Version: 4.9.0-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Changes:
 mod-wsgi (4.9.0-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-2255
     drop X-Client-IP header when it is not a trusted header

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---
