Your message dated Wed, 7 Jul 2004 00:04:57 +0100 with message-id <[EMAIL PROTECTED]> and subject line Bug#256963: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493) has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 30 Jun 2004 08:19:43 +0000 >From [EMAIL PROTECTED] Wed Jun 30 01:19:43 2004 Return-path: <[EMAIL PROTECTED]> Received: from 204.57.138.210.xn.2iij.net (mebius) [210.138.57.204] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BfaJj-0002cv-00; Wed, 30 Jun 2004 01:19:43 -0700 Received: by mebius (Postfix, from userid 1000) id 4F33F4488; Wed, 30 Jun 2004 17:19:47 +0900 (JST) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Hideki Yamane <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493) X-Mailer: reportbug 2.62 Date: Wed, 30 Jun 2004 17:19:47 +0900 Message-Id: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_01,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: apache2 Severity: normal Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear apache2 maintainer team, Probably you know, but FYI. (I cannot find discussion in debian-apache ML and new packages in incoming, so I posted this in BTS. This post makes users to track security issue more easier, I think). Georgi Guninski found security flaw about DoS attack in apache 2.0.49. (http://www.guninski.com/httpd1.html) and patch is here. http://www.apache.org/dist/httpd/patches/apply_to_2.0.49/CAN-2004-0493.patch Is there any plan to apply this patch? If I had overlooked your working about this issue, please let me know what I should see. - -- Regards, Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA4neiIu0hy8THJksRAh7mAJ9kkr5I4dFmmNaxL75UPXxvMVOWQQCfZmlT CF+W3gAGJVL5SShaiZ5Ktho= =dBpV -----END PGP SIGNATURE----- --------------------------------------- Received: (at 256963-done) by bugs.debian.org; 6 Jul 2004 23:05:16 +0000 >From [EMAIL PROTECTED] Tue Jul 06 16:05:16 2004 Return-path: <[EMAIL PROTECTED]> Received: from amnesiac.heapspace.net [195.54.228.42] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Bhz00-0007Qa-00; Tue, 06 Jul 2004 16:05:16 -0700 Received: from localhost (localhost [127.0.0.1]) by amnesiac.heapspace.net (Postfix) with ESMTP id 990D257D8; Wed, 7 Jul 2004 00:04:58 +0100 (BST) Received: from amnesiac.heapspace.net ([127.0.0.1]) by localhost (amnesiac.heapspace.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 52884-02-30; Wed, 7 Jul 2004 00:04:58 +0100 (BST) Received: from fandango.home.clearairturbulence.org (dev.bitch-whore.com [213.208.111.147]) by amnesiac.heapspace.net (Postfix) with ESMTP id B042B57C2; Wed, 7 Jul 2004 00:04:57 +0100 (BST) Received: by fandango.home.clearairturbulence.org (Postfix, from userid 1000) id 3D9593813F74; Wed, 7 Jul 2004 00:04:57 +0100 (BST) Date: Wed, 7 Jul 2004 00:04:57 +0100 From: Thom May <[EMAIL PROTECTED]> To: Hideki Yamane <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: Bug#256963: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493) Message-ID: <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline In-Reply-To: <[EMAIL PROTECTED]> X-Operating-System: Linux/2.6.7-mm2 (i686) User-Agent: Mutt/1.5.6+20040523i X-Virus-Scanned: by amavisd-new at heapspace.net Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: I just uploaded 2.0.50 which fixes this. -Thom