Your message dated Wed, 7 Jul 2004 00:04:57 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#256963: apache2: DoS in apache httpd 2.0.49 issue
(CAN-2004-0493)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Jun 2004 08:19:43 +0000
>From [EMAIL PROTECTED] Wed Jun 30 01:19:43 2004
Return-path: <[EMAIL PROTECTED]>
Received: from 204.57.138.210.xn.2iij.net (mebius) [210.138.57.204]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BfaJj-0002cv-00; Wed, 30 Jun 2004 01:19:43 -0700
Received: by mebius (Postfix, from userid 1000)
id 4F33F4488; Wed, 30 Jun 2004 17:19:47 +0900 (JST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Hideki Yamane <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493)
X-Mailer: reportbug 2.62
Date: Wed, 30 Jun 2004 17:19:47 +0900
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_01,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: apache2
Severity: normal
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear apache2 maintainer team,
Probably you know, but FYI.
(I cannot find discussion in debian-apache ML and new packages
in incoming, so I posted this in BTS. This post makes users to
track security issue more easier, I think).
Georgi Guninski found security flaw about DoS attack in apache 2.0.49.
(http://www.guninski.com/httpd1.html)
and patch is here.
http://www.apache.org/dist/httpd/patches/apply_to_2.0.49/CAN-2004-0493.patch
Is there any plan to apply this patch?
If I had overlooked your working about this issue, please let me know
what I should see.
- --
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA4neiIu0hy8THJksRAh7mAJ9kkr5I4dFmmNaxL75UPXxvMVOWQQCfZmlT
CF+W3gAGJVL5SShaiZ5Ktho=
=dBpV
-----END PGP SIGNATURE-----
---------------------------------------
Received: (at 256963-done) by bugs.debian.org; 6 Jul 2004 23:05:16 +0000
>From [EMAIL PROTECTED] Tue Jul 06 16:05:16 2004
Return-path: <[EMAIL PROTECTED]>
Received: from amnesiac.heapspace.net [195.54.228.42]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Bhz00-0007Qa-00; Tue, 06 Jul 2004 16:05:16 -0700
Received: from localhost (localhost [127.0.0.1])
by amnesiac.heapspace.net (Postfix) with ESMTP id 990D257D8;
Wed, 7 Jul 2004 00:04:58 +0100 (BST)
Received: from amnesiac.heapspace.net ([127.0.0.1])
by localhost (amnesiac.heapspace.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id 52884-02-30; Wed, 7 Jul 2004 00:04:58 +0100 (BST)
Received: from fandango.home.clearairturbulence.org (dev.bitch-whore.com
[213.208.111.147])
by amnesiac.heapspace.net (Postfix) with ESMTP id B042B57C2;
Wed, 7 Jul 2004 00:04:57 +0100 (BST)
Received: by fandango.home.clearairturbulence.org (Postfix, from userid 1000)
id 3D9593813F74; Wed, 7 Jul 2004 00:04:57 +0100 (BST)
Date: Wed, 7 Jul 2004 00:04:57 +0100
From: Thom May <[EMAIL PROTECTED]>
To: Hideki Yamane <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#256963: apache2: DoS in apache httpd 2.0.49 issue
(CAN-2004-0493)
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
X-Operating-System: Linux/2.6.7-mm2 (i686)
User-Agent: Mutt/1.5.6+20040523i
X-Virus-Scanned: by amavisd-new at heapspace.net
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
I just uploaded 2.0.50 which fixes this.
-Thom
