Bug#425836: marked as done ([CVE-2007-1860] A double encoded ".." in a URL can be used to access URLs on the AJP backend)

Debian Bug Tracking System Sun, 03 Jun 2007 04:08:32 -0700

Your message dated Sun, 03 Jun 2007 11:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#425836: fixed in libapache-mod-jk 1:1.2.23-1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: libapache2-mod-jk
Version: 1:1.2.22-1
Severity: grave
Tags: security

As stated at http://tomcat.apache.org/connectors-doc/ the 1.2.22
version of jk connector is affected from CVE-2007-1860 

Please provide the 1.2.23 version.

Regards

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- 
---------------------------------------------------------------------
|    Marco Nenciarini    | Debian/GNU Linux Developer - Plug Member |
| [EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia       |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95  5270 6864 730D F095 E5E4

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: libapache-mod-jk
Source-Version: 1:1.2.23-1

We believe that the bug you reported is fixed in the latest version of
libapache-mod-jk, which is due to be installed in the Debian FTP archive:

libapache-mod-jk-doc_1.2.23-1_all.deb
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.23-1_all.deb
libapache-mod-jk_1.2.23-1.diff.gz
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.23-1.diff.gz
libapache-mod-jk_1.2.23-1.dsc
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.23-1.dsc
libapache-mod-jk_1.2.23-1_i386.deb
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.23-1_i386.deb
libapache-mod-jk_1.2.23.orig.tar.gz
  to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.23.orig.tar.gz
libapache2-mod-jk_1.2.23-1_i386.deb
  to pool/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.23-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Koch <[EMAIL PROTECTED]> (supplier of updated libapache-mod-jk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  2 Jun 2007 23:14:13 +0200
Source: libapache-mod-jk
Binary: libapache-mod-jk libapache2-mod-jk libapache-mod-jk-doc
Architecture: source all i386
Version: 1:1.2.23-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <[EMAIL PROTECTED]>
Changed-By: Michael Koch <[EMAIL PROTECTED]>
Description: 
 libapache-mod-jk - Apache 1.3 connector for the Tomcat Java servlet engine
 libapache-mod-jk-doc - Documentation of libapache-mod-jk/libapache2-mod-jk 
packages
 libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Closes: 425836
Changes: 
 libapache-mod-jk (1:1.2.23-1) unstable; urgency=high
 .
   * New upstream release.
     - Forward unparsed URI to tomcat. Closes: #425836.
       CVE-2007-1860
Files: 
 5a87fc6475334140b1e49844d1895707 926 web optional libapache-mod-jk_1.2.23-1.dsc
 4302ff93b5357772444eeed9f843a81e 1368060 web optional 
libapache-mod-jk_1.2.23.orig.tar.gz
 b8c5b169eef1643cdefc594273716469 31991 web optional 
libapache-mod-jk_1.2.23-1.diff.gz
 a57cd261e4d270f82fe679d7644d08a2 117346 web optional 
libapache-mod-jk_1.2.23-1_i386.deb
 61f9a3121626fdad076016538a515925 120796 web optional 
libapache2-mod-jk_1.2.23-1_i386.deb
 854ca3b7b4a47443d839135d4926d824 141114 doc optional 
libapache-mod-jk-doc_1.2.23-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGYpyOWSOgCCdjSDsRAqB7AJ9fbuON2UuFLsDCRSfoy2zDpgPZVgCeIwER
M9Xa/vvtFtD9bvNrOmHrpBo=
=XxlY
-----END PGP SIGNATURE-----

--- End Message ---

Bug#425836: marked as done ([CVE-2007-1860] A double encoded ".." in a URL can be used to access URLs on the AJP backend)

Reply via email to