Your message dated Fri, 06 Jul 2012 22:17:26 +0000
with message-id <e1sngq6-0003ag...@franck.debian.org>
and subject line Bug#678529: fixed in libapache-mod-security 2.5.12-1+squeeze1
has caused the Debian Bug report #678529,
regarding [CVE-2012-2751] mod_security multi-part bypass
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
678529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache-mod-security
Severity: grave
Tags: security patch
The following vulnerability had been reported against mod-security:
http://www.openwall.com/lists/oss-security/2012/06/22/1
The patch can be found in the report.
Please use CVE-2012-2751 for this issue.
Cheers,
luciano
--- End Message ---
--- Begin Message ---
Source: libapache-mod-security
Source-Version: 2.5.12-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
libapache-mod-security, which is due to be installed in the Debian FTP archive:
libapache-mod-security_2.5.12-1+squeeze1.debian.tar.gz
  to main/liba/libapache-mod-security/libapache-mod-security_2.5.12-1+squeeze1.debian.tar.gz
libapache-mod-security_2.5.12-1+squeeze1.dsc
  to main/liba/libapache-mod-security/libapache-mod-security_2.5.12-1+squeeze1.dsc
libapache-mod-security_2.5.12-1+squeeze1_i386.deb
  to main/liba/libapache-mod-security/libapache-mod-security_2.5.12-1+squeeze1_i386.deb
mod-security-common_2.5.12-1+squeeze1_all.deb
  to main/liba/libapache-mod-security/mod-security-common_2.5.12-1+squeeze1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 678...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated
libapache-mod-security package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 02 Jul 2012 14:47:33 +0000
Source: libapache-mod-security
Binary: libapache-mod-security mod-security-common
Architecture: source all i386
Version: 2.5.12-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org>
Description:
 libapache-mod-security - Tighten web applications security for Apache
 mod-security-common - Tighten web applications security - common files
Closes: 678529
Changes:
 libapache-mod-security (2.5.12-1+squeeze1) stable-security; urgency=high
 .
   * CVE-2012-2751: Fix multi-part bypass due to wrong quoting.
     Applied backported patch from 2.6.6. (Closes: #678529)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---