** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6203
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6203
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
This bug was fixed in the package apache2 - 2.2.4-3ubuntu0.2
---
apache2 (2.2.4-3ubuntu0.2) gutsy-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.4
---
apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in
Fix released in http://www.ubuntu.com/usn/USN-731-1
** Changed in: apache2 (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
http://www.ubuntu.com/usn/USN-731-1
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs mailing list
This bug was fixed in the package apache2 - 2.2.4-3ubuntu0.2
---
apache2 (2.2.4-3ubuntu0.2) gutsy-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.4
---
apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in
Fix released in http://www.ubuntu.com/usn/USN-731-1
** Changed in: apache2 (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs,
http://www.ubuntu.com/usn/USN-731-1
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Changed in: apache2 (Ubuntu Dapper)
Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur)
Status: In Progress = Fix Committed
** Changed in: apache2 (Ubuntu Gutsy)
Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur)
Status: In Progress = Fix
** Changed in: apache2 (Ubuntu Dapper)
Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur)
Status: In Progress = Fix Committed
** Changed in: apache2 (Ubuntu Gutsy)
Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur)
Status: In Progress = Fix
** Changed in: apache2 (Ubuntu)
Status: Fix Released = New
** Changed in: apache2 (Ubuntu)
Status: New = In Progress
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You
** Changed in: apache2 (Ubuntu)
Status: Fix Released = New
** Changed in: apache2 (Ubuntu)
Status: New = In Progress
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You
** Changed in: apache2 (Ubuntu Dapper)
Importance: High = Low
** Changed in: apache2 (Ubuntu Feisty)
Importance: High = Low
** Changed in: apache2 (Ubuntu Gutsy)
Importance: High = Low
** Changed in: apache2 (Ubuntu Hardy)
Importance: High = Low
** Changed in: apache2 (Ubuntu)
** Changed in: apache2 (Ubuntu Dapper)
Importance: High = Low
** Changed in: apache2 (Ubuntu Feisty)
Importance: High = Low
** Changed in: apache2 (Ubuntu Gutsy)
Importance: High = Low
** Changed in: apache2 (Ubuntu Hardy)
Importance: High = Low
** Changed in: apache2 (Ubuntu)
Please could someone mark this as Won't Fix for Feisty?
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs
** Changed in: apache2 (Ubuntu Feisty)
Status: In Progress = Won't Fix
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Please could someone mark this as Won't Fix for Feisty?
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: apache2 (Ubuntu Feisty)
Status: In Progress = Won't Fix
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
POC:
http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2008-2364.t?revision=666283view=markup
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is
POC:
http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2008-2364.t?revision=666283view=markup
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Upstream fix for apache 2.0.X.
http://archive.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2008-2364-patch-2.0.txt
I will complete dapper fix and tests tomorrow.
E.
** Changed in: apache2 (Ubuntu Dapper)
Importance: Undecided = High
Status: Confirmed = In Progress
** Changed
more info avaiable here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
more info avaiable here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Based on the CVE, apache2 in Dapper *is* vulnerable, but the backporting
of this fix isn't trivial. Emgent, can you describe your testing
environment? That would help in testing the Dapper backport.
** Changed in: apache2 (Ubuntu Dapper)
Status: New = Confirmed
--
CVE-2008-2364 Apache2
Upstream has no plans to backport the fix due to how unlikely the
situation is.
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
** Changed in: apache2 (Ubuntu Feisty)
Assignee: (unassigned) = Emanuele Gentili (emgent)
** Changed in: apache2 (Ubuntu Gutsy)
Assignee: (unassigned) = Emanuele Gentili (emgent)
** Changed in: apache2 (Ubuntu Hardy)
Assignee: (unassigned) = Emanuele Gentili (emgent)
--
Packages should build-depend on libdb-dev, not a specific version. The
new standard db version in Intrepid is 4.7, we shouldn't proliferate
4.6.
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of
Security issue in Intrepid Ibex fixed by Chuck Short with Debian Merge.
** Attachment removed: intrepid_apache2_2.2.8-4ubuntu3.debdiff
http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty)
Assignee: (unassigned) = Emanuele Gentili (emgent)
** Changed in: apache2 (Ubuntu Gutsy)
Assignee: (unassigned) = Emanuele Gentili (emgent)
** Changed in: apache2 (Ubuntu Hardy)
Assignee: (unassigned) = Emanuele Gentili (emgent)
--
** Changed in: apache2 (Ubuntu Feisty)
Importance: Undecided = High
Status: New = In Progress
** Changed in: apache2 (Ubuntu Gutsy)
Importance: Undecided = High
Status: New = In Progress
** Changed in: apache2 (Ubuntu Hardy)
Importance: Undecided = High
Status: New
** Changed in: apache2 (Ubuntu Feisty)
Importance: Undecided = High
Status: New = In Progress
** Changed in: apache2 (Ubuntu Gutsy)
Importance: Undecided = High
Status: New = In Progress
** Changed in: apache2 (Ubuntu Hardy)
Importance: Undecided = High
Status: New
libdb4.6-dev (source: db4.6) is in intrepid again (and should appear
soon on the archive).
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in
** Attachment added: intrepid_apache2_2.2.8-4ubuntu3.debdiff
http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of
fixed in 2.2.9, which has been uploaded to Debian
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs mailing list
libdb4.6-dev (source: db4.6) is in intrepid again (and should appear
soon on the archive).
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
** Attachment added: intrepid_apache2_2.2.8-4ubuntu3.debdiff
http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of
fixed in 2.2.9, which has been uploaded to Debian
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Intrepid fix avaiable by upstream and work fine to solve the problem.
Actually build faild:
libaprutil1-dev: Depends: libdb4.6-dev but it is not installable
more info:
https://edge.launchpad.net/ubuntu/intrepid/i386/libdb4.6-dev
(i will attach it later)
--
CVE-2008-2364 Apache2
UPSTREAM FIX:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154r2=666153pathrev=666154
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team,
** Attachment added: gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff
http://launchpadlibrarian.net/15293240/gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are
** Attachment added: hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff
http://launchpadlibrarian.net/15293694/hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are
** Attachment added: feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff
http://launchpadlibrarian.net/15294355/feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff
** Changed in: apache2 (Ubuntu)
Status: Confirmed = In Progress
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
@Pitti: can you write here when you solve libdb4.6-dev problem in
intrepid?
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Intrepid fix avaiable by upstream and work fine to solve the problem.
Actually build faild:
libaprutil1-dev: Depends: libdb4.6-dev but it is not installable
more info:
https://edge.launchpad.net/ubuntu/intrepid/i386/libdb4.6-dev
(i will attach it later)
--
CVE-2008-2364 Apache2
UPSTREAM FIX:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154r2=666153pathrev=666154
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Attachment added: gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff
http://launchpadlibrarian.net/15293240/gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are
** Attachment added: hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff
http://launchpadlibrarian.net/15293694/hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are
** Attachment added: feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff
http://launchpadlibrarian.net/15294355/feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff
** Changed in: apache2 (Ubuntu)
Status: Confirmed = In Progress
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
@Pitti: can you write here when you solve libdb4.6-dev problem in
intrepid?
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
according to CVE/upstream dapper apache2 version not affected.
[EMAIL PROTECTED]:~$ rmadison apache2
apache2 | 2.0.55-4ubuntu2 |dapper | source, amd64, i386, powerpc
apache2 | 2.0.55-4ubuntu2.3 | dapper-security | source, amd64, i386, powerpc
apache2 | 2.0.55-4ubuntu2.3 |
54 matches
Mail list logo
