Your message dated Sat, 10 Apr 2010 23:20:09 +0100 (WEST)
with message-id <[email protected]>
and subject line Package libapache-mod-ssl has been removed from Debian
has caused the Debian Bug report #556942,
regarding CVE-2009-3555: SSL/TLS renegotiation vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
556942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556942
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache-mod-ssl
Severity: grave
Tags: security
Justification: user security hole
This is CVE-2009-3555 and is related to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555829
I think there's no upstream fix for modssl atm, nevertheless this should
be tracked somewhere. Perhaps libapache-mod-ssl should be listed at
http://security-tracker.debian.org/tracker/CVE-2009-3555 as well.
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.30.5-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
--- End Message ---
--- Begin Message ---
Version: 2.8.25-2+rm
You filed the bug http://bugs.debian.org/556942 in Debian BTS
against the package libapache-mod-ssl. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/422318. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
--
Marco Rodrigues
--- End Message ---