Bug#279865: marked as done (apache-common: CAN-2004-0940 Vulnerable?)

Debian Bug Tracking System Fri, 05 Nov 2004 08:23:17 -0600

Your message dated Fri, 05 Nov 2004 15:03:33 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#279865: apache-common: CAN-2004-0940 Vulnerable?
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Nov 2004 13:38:09 +0000
>From [EMAIL PROTECTED] Fri Nov 05 05:38:09 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mrelay3.uni-hannover.de [130.75.2.41] (root)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CQ4I5-0002wD-00; Fri, 05 Nov 2004 05:38:09 -0800
Received: from mail.itp.uni-hannover.de (mail.itp.uni-hannover.de 
[130.75.25.242])
        by mrelay3.uni-hannover.de (8.12.10/8.12.10) with ESMTP id 
iA5Dc2lA018047
        for <[EMAIL PROTECTED]>; Fri, 5 Nov 2004 14:38:02 +0100 (MET)
Received: from pleione.itp.uni-hannover.de (pleione.itp.uni-hannover.de 
[130.75.25.99])
        by mail.itp.uni-hannover.de (Postfix) with ESMTP id B4A3B2F087
        for <[EMAIL PROTECTED]>; Fri,  5 Nov 2004 14:37:57 +0100 (CET)
Received: by pleione.itp.uni-hannover.de (Postfix, from userid 237)
        id 80A8F5F42; Fri,  5 Nov 2004 14:37:57 +0100 (CET)
Date: Fri, 5 Nov 2004 14:37:57 +0100
From: Helge Kreutzmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: apache-common: CAN-2004-0940 Vulnerable?
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Public-Key-URL: http://www.itp.uni-hannover.de/~kreutzm/data/kreutzm.gpg
X-homepage: http://www.itp.uni-hannover.de/~kreutzm
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.2.2 
(mrelay3.uni-hannover.de [130.75.2.41]); Fri, 05 Nov 2004 14:38:02 +0100 (MET)
X-Scanned-By: MIMEDefang 2.42
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: apache-common
Version: 1.3.26-0woody5
Severity: grave
Justification: user security hole
Tags: woody, security

According to=20
http://www.apache.org/dist/httpd/Announcement.html

the new apache fixes two vulnerabilities with CAN-numbers. While -492 was
fixed in a previous security upload, there is no mention of 940 neither in
the changelog, nor did I find a bug report, nor is it mentioned on

http://www.debian.org/security/nonvulns-woody

Please reassing if I submitted against the wrong package or add this CAN to
the above mentioned nonvulns-list if woody is not affected.

-- System Information
Debian Release: 3.0
Architecture: alpha
Kernel: Linux jari 2.4.26-grsec-hk04 #1 Fri Aug 6 12:23:40 CEST 2004 alpha
Locale: LANG=3DC, LC_CTYPE=3DC

Versions of packages apache-common depends on:
ii  libc6.1                      2.2.5-11.5  GNU C Library: Shared librarie=
s an
ii  libdb2                       2:2.7.7.0-7 The Berkeley database routines=
 (ru
ii  libexpat1                    1.95.2-6    XML parsing C library - runtim=
e li
ii  perl                         5.6.1-8.7   Larry Wall's Practical Extract=
ion=20
ii  perl [perl5]                 5.6.1-8.7   Larry Wall's Practical Extract=
ion=20
--=20
Helge Kreutzmann, Dipl.-Phys.               [EMAIL PROTECTED]
er.de
                       gpg signed mail preferred=20
    64bit GNU powered                  http://www.itp.uni-hannover.de/~kreu=
tzm
       Help keep free software "libre": http://www.freepatents.org/

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBi4I1RsxcY/MYpWoRAonIAKC5WU+2P+NVJ9fdc7LuamZoqRrQsgCgs12i
5WsfQt4jKNUlIRGkBokbFZM=
=19ax
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--

---------------------------------------
Received: (at 279865-done) by bugs.debian.org; 5 Nov 2004 14:03:46 +0000
>From [EMAIL PROTECTED] Fri Nov 05 06:03:45 2004
Return-path: <[EMAIL PROTECTED]>
Received: from port49.ds1-van.adsl.cybercity.dk (trider-g7.fabbione.net) 
[212.242.141.114] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CQ4gp-0005bL-00; Fri, 05 Nov 2004 06:03:43 -0800
Received: from localhost (localhost [127.0.0.1])
        by trider-g7.fabbione.net (Postfix) with ESMTP id B74F87ACA
        for <[EMAIL PROTECTED]>; Fri,  5 Nov 2004 15:03:39 +0100 (CET)
Received: from trider-g7.fabbione.net ([127.0.0.1])
        by localhost (trider-g7 [127.0.0.1]) (amavisd-new, port 10024)
        with LMTP id 06419-02-9 for <[EMAIL PROTECTED]>;
        Fri, 5 Nov 2004 15:03:32 +0100 (CET)
Received: from [192.168.1.6] (gordian.int.fabbione.net [192.168.1.6])
        by trider-g7.fabbione.net (Postfix) with ESMTP id 0D76D7AC3
        for <[EMAIL PROTECTED]>; Fri,  5 Nov 2004 15:03:31 +0100 (CET)
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 05 Nov 2004 15:03:33 +0100
From: Fabio Massimo Di Nitto <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 0.8 (X11/20041102)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: Bug#279865: apache-common: CAN-2004-0940 Vulnerable?
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
X-Enigmail-Version: 0.86.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at fabbione.net
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Helge Kreutzmann wrote:
| Package: apache-common
| Version: 1.3.26-0woody5
| Severity: grave
| Justification: user security hole
| Tags: woody, security
|
| According to
| http://www.apache.org/dist/httpd/Announcement.html
|
| the new apache fixes two vulnerabilities with CAN-numbers. While -492 was
| fixed in a previous security upload, there is no mention of 940 neither in
| the changelog, nor did I find a bug report, nor is it mentioned on
|
| http://www.debian.org/security/nonvulns-woody
|
| Please reassing if I submitted against the wrong package or add this CAN to
| the above mentioned nonvulns-list if woody is not affected.

Thanks for reporting this twice already. Please before filing bugs you are 
welcome to check both
debian-apache mailing lists and bugs.debian.org/src:apache.

Fabio

- --
Self-Service law:
The last available dish of the food you have decided to eat, will be
inevitably taken from the person in front of you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBi4gzhCzbekR3nhgRAv2vAKCUfVa9lDir7uQHVbiy/xFTzJ2eFwCfSqlJ
uc0vyd0VrOmd8jVWpXuWzpw=
=bugF
-----END PGP SIGNATURE-----

Bug#279865: marked as done (apache-common: CAN-2004-0940 Vulnerable?)

Reply via email to