Your message dated Fri, 03 Jul 2009 19:54:31 +0000
with message-id <e1mmoq7-0008wa...@ries.debian.org>
and subject line Bug#523054: fixed in libapache-mod-jk 1:1.2.18-3etch2
has caused the Debian Bug report #523054,
regarding libapache2-mod-jk: [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
523054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523054
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-jk
Version: 1:1.2.26-2
Severity: grave
Tags: security
Justification: user security hole
The Apache Tomcat Security Team has released the following advisory :
Vulnerability announcement:
CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
mod_jk 1.2.0 to 1.2.26
Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.
Mitigation:
Upgrade to mod_jk 1.2.27 or later
Example:
See description
Credit:
This issue was discovered by the Red Hat Security Response Team
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html
--
Damien Raude-Morvan
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: libapache-mod-jk
Source-Version: 1:1.2.18-3etch2
We believe that the bug you reported is fixed in the latest version of
libapache-mod-jk, which is due to be installed in the Debian FTP archive:
libapache-mod-jk-doc_1.2.18-3etch2_all.deb
to pool/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch2_all.deb
libapache-mod-jk_1.2.18-3etch2.diff.gz
to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.diff.gz
libapache-mod-jk_1.2.18-3etch2.dsc
to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.dsc
libapache-mod-jk_1.2.18-3etch2_i386.deb
to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_i386.deb
libapache2-mod-jk_1.2.18-3etch2_i386.deb
to pool/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 523...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <s...@debian.org> (supplier of updated libapache-mod-jk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 30 May 2009 21:18:12 +0200
Source: libapache-mod-jk
Binary: libapache-mod-jk libapache2-mod-jk libapache-mod-jk-doc
Architecture: source all i386
Version: 1:1.2.18-3etch2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <s...@debian.org>
Description:
libapache-mod-jk - Apache 1.3 connector for the Tomcat Java servlet engine
libapache-mod-jk-doc - Documentation of libapache-mod-jk/libapache2-mod-jk
packages
libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Closes: 523054
Changes:
libapache-mod-jk (1:1.2.18-3etch2) oldstable-security; urgency=high
.
* Non-maintainer upload by the security-team.
* CVE-2008-5519: Fix information disclosure vulnerability when clients
abort connection before sending POST body (closes: #523054).
Files:
dc3dd860d8c7a2710943903b485b1afa 935 web optional
libapache-mod-jk_1.2.18-3etch2.dsc
889ac12a51c93772cefad6af5225f7f7 11556 web optional
libapache-mod-jk_1.2.18-3etch2.diff.gz
028881fdbf37c27de6fa3edd8fbd05c4 89482 web optional
libapache-mod-jk_1.2.18-3etch2_i386.deb
92d553ae68620971f9b81d81400cc7aa 93386 web optional
libapache2-mod-jk_1.2.18-3etch2_i386.deb
04190ed8b2fc8fea1bf98b1b1df14e9b 118140 doc optional
libapache-mod-jk-doc_1.2.18-3etch2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKIuMlbxelr8HyTqQRAo1aAKCBeMxrd5Z+tYSmX/r77a6OwgvXJwCgrQRW
ACdEG4o/KSqFFtWEk5fpT/o=
=GfaC
-----END PGP SIGNATURE-----
--- End Message ---