Your message dated Wed, 01 Nov 2006 03:02:23 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#343514: fixed in libapache-mod-fastcgi 2.4.2-8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
package: libapache2-mod-fastcgi
A SEGV can happen in fcgi-fs_get_by_id() because fixups() passes a NULL
pointer to it.
Basically, mod_fastcgi.c:fixups() should verify r->filename is not NULL
before calling fcgi_util_fs_get_by_id(r->filename, uid, gid).
Here's the current mod_fastcgi.c:fixups() which clearly passes
r->filename without checking if it is NULL:
static int
fixups(request_rec * r)
{
uid_t uid;
gid_t gid;
get_request_identity(r, &uid, &gid);
if (fcgi_util_fs_get_by_id(r->filename, uid, gid))
{
r->handler = FASTCGI_HANDLER_NAME;
return OK;
}
return DECLINED;
}
More detailed description and a very small patch was posted here by the
person who found this problem:
http://www.fastcgi.com/archives/fastcgi-developers/2005-April/003673.html
--- End Message ---
--- Begin Message ---
Source: libapache-mod-fastcgi
Source-Version: 2.4.2-8
We believe that the bug you reported is fixed in the latest version of
libapache-mod-fastcgi, which is due to be installed in the Debian FTP archive:
libapache-mod-fastcgi_2.4.2-8.diff.gz
to
pool/non-free/liba/libapache-mod-fastcgi/libapache-mod-fastcgi_2.4.2-8.diff.gz
libapache-mod-fastcgi_2.4.2-8.dsc
to pool/non-free/liba/libapache-mod-fastcgi/libapache-mod-fastcgi_2.4.2-8.dsc
libapache-mod-fastcgi_2.4.2-8_i386.deb
to
pool/non-free/liba/libapache-mod-fastcgi/libapache-mod-fastcgi_2.4.2-8_i386.deb
libapache2-mod-fastcgi_2.4.2-8_i386.deb
to
pool/non-free/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.2-8_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tatsuki Sugiura <[EMAIL PROTECTED]> (supplier of updated libapache-mod-fastcgi
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 6 Oct 2006 20:53:21 +0900
Source: libapache-mod-fastcgi
Binary: libapache2-mod-fastcgi libapache-mod-fastcgi
Architecture: source i386
Version: 2.4.2-8
Distribution: unstable
Urgency: high
Maintainer: Taku YASUI <[EMAIL PROTECTED]>
Changed-By: Tatsuki Sugiura <[EMAIL PROTECTED]>
Description:
libapache-mod-fastcgi - Apache 1 FastCGI module for long-running CGI scripts
libapache2-mod-fastcgi - Apache 2 FastCGI module for long-running CGI scripts
Closes: 331617 343514 343519
Changes:
libapache-mod-fastcgi (2.4.2-8) unstable; urgency=high
.
* transit libapache2-mod-fastcgi for apache2.2
* Fix in built-in suexec path (Closes: #331617)
* remove unnecessary libc6 version dependency (Closes: #343519)
* apply patch to fix that apache2 segv on load (Closes: #343514)
Files:
2253deddc152d8f15cba412d5f226e87 837 non-free/web optional
libapache-mod-fastcgi_2.4.2-8.dsc
6dc409b452dbc335a1a11f77960b8638 5867 non-free/web optional
libapache-mod-fastcgi_2.4.2-8.diff.gz
6730d80165277fdd1af7b98e94afe1f6 62890 non-free/web optional
libapache-mod-fastcgi_2.4.2-8_i386.deb
6fced180cd37b7b3b07bb1a31bc400e8 65746 non-free/web optional
libapache2-mod-fastcgi_2.4.2-8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFSHuFFwU5DuZsm7ARAnsVAKDIgfIFmlGeBIi6JJselwTgwoUuIACeI+L6
dwn217SR3agjL71Nx7Fq3pI=
=WgTy
-----END PGP SIGNATURE-----
--- End Message ---
