Bug#322607: marked as done (SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088))
Your message dated Fri, 16 Dec 2005 21:19:02 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#322607: fixed in apache 1.3.33-6sarge1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2005 22:49:46 + >From [EMAIL PROTECTED] Tue Jun 28 15:49:44 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DnOtj-0005fj-00; Tue, 28 Jun 2005 15:49:43 -0700 Received: from dsl-082-082-137-197.arcor-ip.net ([82.82.137.197] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DnOo7-0006DV-N0 for [EMAIL PROTECTED]; Wed, 29 Jun 2005 00:43:55 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.51) id 1DnOtX-0001i1-IX; Wed, 29 Jun 2005 00:49:31 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers X-Mailer: reportbug 3.15 Date: Wed, 29 Jun 2005 00:49:31 +0200 X-Debbugs-Cc: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.82.137.197 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: apache2 Severity: grave Tags: security Justification: user security hole Latest 2.1.6-alpha fixes a security in the proxy HTTP code: | The 2.1.6-alpha release addresses a security vulnerability present | in all previous 2.x versions. This fault did not affect Apache 1.3.x | (which did not proxy keepalives or chunked transfer encoding); |Proxy HTTP: If a response contains both Transfer-Encoding |and a Content-Length, remove the Content-Length to eliminate |an HTTP Request Smuggling vulnerability and don't reuse the |connection, stopping some HTTP Request Spoofing attacks. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 322607-close) by bugs.debian.org; 17 Dec 2005 05:21:36 + >From [EMAIL PROTECTED] Fri Dec 16 21:21:36 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnUTG-0007mI-Gq; Fri, 16 Dec 2005 21:19:02 -0800 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.17 $ Subject: Bug#322607: fixed in apache 1.3.33-6sarge1 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Fri, 16 Dec 2005 21:19:02 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: apache Source-Version: 1.3.33-6sarge1 We believe that the bug you reported is fixed in the latest version of apache, which is due to be installed in the Debian FTP archive: apache-common_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-common_1.3.33-6sarge1_i386.deb apache-dbg_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-dbg_1.3.33-6sarge1_i386.deb apache-dev_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-dev_1.3.33-6sarge1_all.deb apache-doc_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-doc_1.3.33-6sarge1_all.deb apache-perl_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-perl_1.3.33-6sarge1_i386.deb apache-ssl_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-ssl_1.3.33-6sarge1_i386.deb apache-utils_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-utils_1.3.33-6sarge1_all.deb apache_1.3.33-
Bug#322607: marked as done (SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088))
Your message dated Wed, 07 Sep 2005 23:02:12 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#322607: fixed in apache 1.3.33-6sarge1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2005 22:49:46 + >From [EMAIL PROTECTED] Tue Jun 28 15:49:44 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DnOtj-0005fj-00; Tue, 28 Jun 2005 15:49:43 -0700 Received: from dsl-082-082-137-197.arcor-ip.net ([82.82.137.197] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DnOo7-0006DV-N0 for [EMAIL PROTECTED]; Wed, 29 Jun 2005 00:43:55 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.51) id 1DnOtX-0001i1-IX; Wed, 29 Jun 2005 00:49:31 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers X-Mailer: reportbug 3.15 Date: Wed, 29 Jun 2005 00:49:31 +0200 X-Debbugs-Cc: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.82.137.197 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: apache2 Severity: grave Tags: security Justification: user security hole Latest 2.1.6-alpha fixes a security in the proxy HTTP code: | The 2.1.6-alpha release addresses a security vulnerability present | in all previous 2.x versions. This fault did not affect Apache 1.3.x | (which did not proxy keepalives or chunked transfer encoding); |Proxy HTTP: If a response contains both Transfer-Encoding |and a Content-Length, remove the Content-Length to eliminate |an HTTP Request Smuggling vulnerability and don't reuse the |connection, stopping some HTTP Request Spoofing attacks. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 322607-close) by bugs.debian.org; 8 Sep 2005 06:12:24 + >From [EMAIL PROTECTED] Wed Sep 07 23:12:24 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDFUC-0005Fn-00; Wed, 07 Sep 2005 23:02:12 -0700 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#322607: fixed in apache 1.3.33-6sarge1 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Wed, 07 Sep 2005 23:02:12 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: apache Source-Version: 1.3.33-6sarge1 We believe that the bug you reported is fixed in the latest version of apache, which is due to be installed in the Debian FTP archive: apache-common_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-common_1.3.33-6sarge1_i386.deb apache-dbg_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-dbg_1.3.33-6sarge1_i386.deb apache-dev_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-dev_1.3.33-6sarge1_all.deb apache-doc_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-doc_1.3.33-6sarge1_all.deb apache-perl_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-perl_1.3.33-6sarge1_i386.deb apache-ssl_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-ssl_1.3.33-6sarge1_i386.deb apache-utils_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-u
Bug#322607: marked as done (SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088))
Your message dated Tue, 06 Sep 2005 07:47:04 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#322607: fixed in apache 1.3.33-8 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2005 22:49:46 + >From [EMAIL PROTECTED] Tue Jun 28 15:49:44 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DnOtj-0005fj-00; Tue, 28 Jun 2005 15:49:43 -0700 Received: from dsl-082-082-137-197.arcor-ip.net ([82.82.137.197] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DnOo7-0006DV-N0 for [EMAIL PROTECTED]; Wed, 29 Jun 2005 00:43:55 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.51) id 1DnOtX-0001i1-IX; Wed, 29 Jun 2005 00:49:31 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers X-Mailer: reportbug 3.15 Date: Wed, 29 Jun 2005 00:49:31 +0200 X-Debbugs-Cc: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.82.137.197 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: apache2 Severity: grave Tags: security Justification: user security hole Latest 2.1.6-alpha fixes a security in the proxy HTTP code: | The 2.1.6-alpha release addresses a security vulnerability present | in all previous 2.x versions. This fault did not affect Apache 1.3.x | (which did not proxy keepalives or chunked transfer encoding); |Proxy HTTP: If a response contains both Transfer-Encoding |and a Content-Length, remove the Content-Length to eliminate |an HTTP Request Smuggling vulnerability and don't reuse the |connection, stopping some HTTP Request Spoofing attacks. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 322607-close) by bugs.debian.org; 6 Sep 2005 14:51:12 + >From [EMAIL PROTECTED] Tue Sep 06 07:51:12 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1ECej2-0004mV-00; Tue, 06 Sep 2005 07:47:04 -0700 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#322607: fixed in apache 1.3.33-8 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Tue, 06 Sep 2005 07:47:04 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: apache Source-Version: 1.3.33-8 We believe that the bug you reported is fixed in the latest version of apache, which is due to be installed in the Debian FTP archive: apache-common_1.3.33-8_powerpc.deb to pool/main/a/apache/apache-common_1.3.33-8_powerpc.deb apache-dbg_1.3.33-8_powerpc.deb to pool/main/a/apache/apache-dbg_1.3.33-8_powerpc.deb apache-dev_1.3.33-8_all.deb to pool/main/a/apache/apache-dev_1.3.33-8_all.deb apache-doc_1.3.33-8_all.deb to pool/main/a/apache/apache-doc_1.3.33-8_all.deb apache-perl_1.3.33-8_powerpc.deb to pool/main/a/apache/apache-perl_1.3.33-8_powerpc.deb apache-ssl_1.3.33-8_powerpc.deb to pool/main/a/apache/apache-ssl_1.3.33-8_powerpc.deb apache-utils_1.3.33-8_all.deb to pool/main/a/apache/apache-utils_1.3.33-8_all.deb apache_1.3.33-8.diff.gz to pool/main/a/apache/ap