Your message dated Fri, 05 Nov 2004 15:03:33 +0100 with message-id <[EMAIL PROTECTED]> and subject line Bug#279865: apache-common: CAN-2004-0940 Vulnerable? has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 5 Nov 2004 13:38:09 +0000 >From [EMAIL PROTECTED] Fri Nov 05 05:38:09 2004 Return-path: <[EMAIL PROTECTED]> Received: from mrelay3.uni-hannover.de [130.75.2.41] (root) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CQ4I5-0002wD-00; Fri, 05 Nov 2004 05:38:09 -0800 Received: from mail.itp.uni-hannover.de (mail.itp.uni-hannover.de [130.75.25.242]) by mrelay3.uni-hannover.de (8.12.10/8.12.10) with ESMTP id iA5Dc2lA018047 for <[EMAIL PROTECTED]>; Fri, 5 Nov 2004 14:38:02 +0100 (MET) Received: from pleione.itp.uni-hannover.de (pleione.itp.uni-hannover.de [130.75.25.99]) by mail.itp.uni-hannover.de (Postfix) with ESMTP id B4A3B2F087 for <[EMAIL PROTECTED]>; Fri, 5 Nov 2004 14:37:57 +0100 (CET) Received: by pleione.itp.uni-hannover.de (Postfix, from userid 237) id 80A8F5F42; Fri, 5 Nov 2004 14:37:57 +0100 (CET) Date: Fri, 5 Nov 2004 14:37:57 +0100 From: Helge Kreutzmann <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: apache-common: CAN-2004-0940 Vulnerable? Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-Public-Key-URL: http://www.itp.uni-hannover.de/~kreutzm/data/kreutzm.gpg X-homepage: http://www.itp.uni-hannover.de/~kreutzm X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.2.2 (mrelay3.uni-hannover.de [130.75.2.41]); Fri, 05 Nov 2004 14:38:02 +0100 (MET) X-Scanned-By: MIMEDefang 2.42 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: --jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: apache-common Version: 1.3.26-0woody5 Severity: grave Justification: user security hole Tags: woody, security According to=20 http://www.apache.org/dist/httpd/Announcement.html the new apache fixes two vulnerabilities with CAN-numbers. While -492 was fixed in a previous security upload, there is no mention of 940 neither in the changelog, nor did I find a bug report, nor is it mentioned on http://www.debian.org/security/nonvulns-woody Please reassing if I submitted against the wrong package or add this CAN to the above mentioned nonvulns-list if woody is not affected. -- System Information Debian Release: 3.0 Architecture: alpha Kernel: Linux jari 2.4.26-grsec-hk04 #1 Fri Aug 6 12:23:40 CEST 2004 alpha Locale: LANG=3DC, LC_CTYPE=3DC Versions of packages apache-common depends on: ii libc6.1 2.2.5-11.5 GNU C Library: Shared librarie= s an ii libdb2 2:2.7.7.0-7 The Berkeley database routines= (ru ii libexpat1 1.95.2-6 XML parsing C library - runtim= e li ii perl 5.6.1-8.7 Larry Wall's Practical Extract= ion=20 ii perl [perl5] 5.6.1-8.7 Larry Wall's Practical Extract= ion=20 --=20 Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED] er.de gpg signed mail preferred=20 64bit GNU powered http://www.itp.uni-hannover.de/~kreu= tzm Help keep free software "libre": http://www.freepatents.org/ --jRHKVT23PllUwdXP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBi4I1RsxcY/MYpWoRAonIAKC5WU+2P+NVJ9fdc7LuamZoqRrQsgCgs12i 5WsfQt4jKNUlIRGkBokbFZM= =19ax -----END PGP SIGNATURE----- --jRHKVT23PllUwdXP-- --------------------------------------- Received: (at 279865-done) by bugs.debian.org; 5 Nov 2004 14:03:46 +0000 >From [EMAIL PROTECTED] Fri Nov 05 06:03:45 2004 Return-path: <[EMAIL PROTECTED]> Received: from port49.ds1-van.adsl.cybercity.dk (trider-g7.fabbione.net) [212.242.141.114] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CQ4gp-0005bL-00; Fri, 05 Nov 2004 06:03:43 -0800 Received: from localhost (localhost [127.0.0.1]) by trider-g7.fabbione.net (Postfix) with ESMTP id B74F87ACA for <[EMAIL PROTECTED]>; Fri, 5 Nov 2004 15:03:39 +0100 (CET) Received: from trider-g7.fabbione.net ([127.0.0.1]) by localhost (trider-g7 [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 06419-02-9 for <[EMAIL PROTECTED]>; Fri, 5 Nov 2004 15:03:32 +0100 (CET) Received: from [192.168.1.6] (gordian.int.fabbione.net [192.168.1.6]) by trider-g7.fabbione.net (Postfix) with ESMTP id 0D76D7AC3 for <[EMAIL PROTECTED]>; Fri, 5 Nov 2004 15:03:31 +0100 (CET) Message-ID: <[EMAIL PROTECTED]> Date: Fri, 05 Nov 2004 15:03:33 +0100 From: Fabio Massimo Di Nitto <[EMAIL PROTECTED]> User-Agent: Mozilla Thunderbird 0.8 (X11/20041102) X-Accept-Language: en-us, en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Re: Bug#279865: apache-common: CAN-2004-0940 Vulnerable? References: <[EMAIL PROTECTED]> In-Reply-To: <[EMAIL PROTECTED]> X-Enigmail-Version: 0.86.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at fabbione.net Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Helge Kreutzmann wrote: | Package: apache-common | Version: 1.3.26-0woody5 | Severity: grave | Justification: user security hole | Tags: woody, security | | According to | http://www.apache.org/dist/httpd/Announcement.html | | the new apache fixes two vulnerabilities with CAN-numbers. While -492 was | fixed in a previous security upload, there is no mention of 940 neither in | the changelog, nor did I find a bug report, nor is it mentioned on | | http://www.debian.org/security/nonvulns-woody | | Please reassing if I submitted against the wrong package or add this CAN to | the above mentioned nonvulns-list if woody is not affected. Thanks for reporting this twice already. Please before filing bugs you are welcome to check both debian-apache mailing lists and bugs.debian.org/src:apache. Fabio - -- Self-Service law: The last available dish of the food you have decided to eat, will be inevitably taken from the person in front of you. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBi4gzhCzbekR3nhgRAv2vAKCUfVa9lDir7uQHVbiy/xFTzJ2eFwCfSqlJ uc0vyd0VrOmd8jVWpXuWzpw= =bugF -----END PGP SIGNATURE-----