Your message dated Sun, 04 Apr 2004 10:17:05 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#240100: fixed in apache2 2.0.49-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------

From: Andres Salomon <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: apache2: multiple security vulnerabilities fixed in new upstream release
Date: Thu, 25 Mar 2004 14:23:34 -0500

Package: apache2
Severity: grave

Apache2 2.0.49 fixes a few security bugs:

SECURITY: CAN-2004-0174 (cve.mitre.org)
Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket.
With Apache 2.x there is no performance concern about enabling the logic for platforms which don't need it, so it is enabled everywhere except for Win32. [Jeff Trawick]

SECURITY: CAN-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton]

SECURITY: CAN-2003-0020 (cve.mitre.org)
Escape arbitrary data before writing into the errorlog. Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andre Malo]

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.4-1-k7
Locale: LANG=C, LC_CTYPE=C

---------------------------------------

From: Thom May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#240100: fixed in apache2 2.0.49-1
Date: Sun, 04 Apr 2004 10:17:05 -0400

Source: apache2
Source-Version: 2.0.49-1

We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/apache2-common_2.0.49-1_powerpc.deb
apache2-doc_2.0.49-1_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.49-1_all.deb
apache2-mpm-perchild_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.49-1_powerpc.deb
apache2-mpm-prefork_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.49-1_powerpc.deb
apache2-mpm-threadpool_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.49-1_powerpc.deb
apache2-mpm-worker_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.49-1_powerpc.deb
apache2-prefork-dev_2.0.49-1_all.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.49-1_all.deb
apache2-threaded-dev_2.0.49-1_all.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.49-1_all.deb
apache2_2.0.49-1.diff.gz
  to pool/main/a/apache2/apache2_2.0.49-1.diff.gz
apache2_2.0.49-1.dsc
  to pool/main/a/apache2/apache2_2.0.49-1.dsc
apache2_2.0.49.orig.tar.gz
  to pool/main/a/apache2/apache2_2.0.49.orig.tar.gz
libapr0-dev_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/libapr0-dev_2.0.49-1_powerpc.deb
libapr0_2.0.49-1_powerpc.deb
  to pool/main/a/apache2/libapr0_2.0.49-1_powerpc.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thom May <[EMAIL PROTECTED]> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Sun, 4 Apr 2004 11:32:20 +0100
Source: apache2
Binary: apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all powerpc
Version: 2.0.49-1
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Thom May <[EMAIL PROTECTED]>
Description:
 apache2-common - Next generation, scalable, extendable web server
 apache2-doc - Documentation for apache2
 apache2-mpm-perchild - Experimental High speed perchild threaded model for Apache2
 apache2-mpm-prefork - Traditional model for Apache2
 apache2-mpm-threadpool - Experimental High speed thread pool model for Apache2
 apache2-mpm-worker - High speed threaded model for Apache2
 apache2-prefork-dev - Development headers for apache2
 apache2-threaded-dev - Development headers for apache2
 libapr0 - The Apache Portable Runtime
 libapr0-dev - Development headers for libapr
Closes: 240100 240301
Changes:
 apache2 (2.0.49-1) unstable; urgency=high
 .
   * New Upstream release. (Closes: #240100)
   * Add missing $ to init-script (closes: #240301)
   * Provides: httpd-cgi in reference to #117916