Bug#425836: marked as done ([CVE-2007-1860] A double encoded ".." in a URL can be used to access URLs on the AJP backend)

Wed, 15 Aug 2007 15:45:38 -0700 

Your message dated Wed, 15 Aug 2007 22:32:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#425836: fixed in libapache-mod-jk 1:1.2.18-3etch1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: libapache2-mod-jk
Version: 1:1.2.22-1
Severity: grave
Tags: security

As stated at http://tomcat.apache.org/connectors-doc/ the 1.2.22
version of jk connector is affected from CVE-2007-1860 

Please provide the 1.2.23 version.

Regards

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- 
---------------------------------------------------------------------
|    Marco Nenciarini    | Debian/GNU Linux Developer - Plug Member |
| [EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia       |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95  5270 6864 730D F095 E5E4

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: libapache-mod-jk
Source-Version: 1:1.2.18-3etch1

We believe that the bug you reported is fixed in the latest version of
libapache-mod-jk, which is due to be installed in the Debian FTP archive:

libapache-mod-jk-doc_1.2.18-3etch1_all.deb
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch1_all.deb
libapache-mod-jk_1.2.18-3etch1.diff.gz
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1.diff.gz
libapache-mod-jk_1.2.18-3etch1.dsc
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1.dsc
libapache-mod-jk_1.2.18-3etch1_i386.deb
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_i386.deb
libapache2-mod-jk_1.2.18-3etch1_i386.deb
  to pool/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch <[EMAIL PROTECTED]> (supplier of updated libapache-mod-jk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  2 Jun 2007 23:15:26 +0200
Source: libapache-mod-jk
Binary: libapache-mod-jk libapache2-mod-jk libapache-mod-jk-doc
Architecture: source all i386
Version: 1:1.2.18-3etch1
Distribution: stable-security
Urgency: high
Maintainer: Debian Java Maintainers <[EMAIL PROTECTED]>
Changed-By: Michael Koch <[EMAIL PROTECTED]>
Description: 
 libapache-mod-jk - Apache 1.3 connector for the Tomcat Java servlet engine
 libapache-mod-jk-doc - Documentation of libapache-mod-jk/libapache2-mod-jk 
packages
 libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Closes: 425836
Changes: 
 libapache-mod-jk (1:1.2.18-3etch1) stable-security; urgency=high
 .
   * Forward unparsed URI to tomcat. Closes: #425836.
     CVE-2007-1860
Files: 
 24cfd22ec55f1d128d615e28d048d6f3 935 web optional 
libapache-mod-jk_1.2.18-3etch1.dsc
 58e1b9406e0cfe11bd4bc297ba146b4f 929823 web optional 
libapache-mod-jk_1.2.18.orig.tar.gz
 238b9199315f9a146812c3518fcd410b 10920 web optional 
libapache-mod-jk_1.2.18-3etch1.diff.gz
 86151e1c62195967508109fee550d11b 89114 web optional 
libapache-mod-jk_1.2.18-3etch1_i386.deb
 00b42375bf66efc9391ba4e5938e3fb3 92848 web optional 
libapache2-mod-jk_1.2.18-3etch1_i386.deb
 90d4e197a6e81276a906e9a80b72234c 116002 doc optional 
libapache-mod-jk-doc_1.2.18-3etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGZy30Xm3vHE4uyloRAl+bAJ9Alx7KeJH/4BhVFf0FobyK9IvlCwCgx2/j
pkXzyNzZHEoaMU4OhiHBfkU=
=d2Kw
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to