** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6203
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing lis
http://www.ubuntu.com/usn/USN-731-1
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://li
Fix released in http://www.ubuntu.com/usn/USN-731-1
** Changed in: apache2 (Ubuntu Dapper)
Status: Fix Committed => Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs,
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.4
---
apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in
This bug was fixed in the package apache2 - 2.2.4-3ubuntu0.2
---
apache2 (2.2.4-3ubuntu0.2) gutsy-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in mod_proxy
** Changed in: apache2 (Ubuntu Dapper)
Assignee: Emanuele Gentili (emgent) => Marc Deslauriers (mdeslaur)
Status: In Progress => Fix Committed
** Changed in: apache2 (Ubuntu Gutsy)
Assignee: Emanuele Gentili (emgent) => Marc Deslauriers (mdeslaur)
Status: In Progress => Fix
** Changed in: apache2 (Ubuntu)
Status: Fix Released => New
** Changed in: apache2 (Ubuntu)
Status: New => In Progress
** Changed in: apache2 (Ubuntu)
Status: In Progress => Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
Yo
** Changed in: apache2 (Ubuntu Dapper)
Importance: High => Low
** Changed in: apache2 (Ubuntu Feisty)
Importance: High => Low
** Changed in: apache2 (Ubuntu Gutsy)
Importance: High => Low
** Changed in: apache2 (Ubuntu Hardy)
Importance: High => Low
** Changed in: apache2 (Ubuntu)
** Changed in: apache2 (Ubuntu Feisty)
Status: In Progress => Won't Fix
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing l
Please could someone mark this as Won't Fix for Feisty?
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
POC:
http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2008-2364.t?revision=666283&view=markup
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Upstream fix for apache 2.0.X.
http://archive.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2008-2364-patch-2.0.txt
I will complete dapper fix and tests tomorrow.
E.
** Changed in: apache2 (Ubuntu Dapper)
Importance: Undecided => High
Status: Confirmed => In Progress
** Changed i
more info avaiable here:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Upstream has no plans to backport the fix due to how unlikely the
situation is.
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
Based on the CVE, apache2 in Dapper *is* vulnerable, but the backporting
of this fix isn't trivial. Emgent, can you describe your testing
environment? That would help in testing the Dapper backport.
** Changed in: apache2 (Ubuntu Dapper)
Status: New => Confirmed
--
CVE-2008-2364 Apache2
** Changed in: apache2 (Ubuntu)
Status: In Progress => Fix Released
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: apache2 (Ubuntu Feisty)
Assignee: (unassigned) => Emanuele Gentili (emgent)
** Changed in: apache2 (Ubuntu Gutsy)
Assignee: (unassigned) => Emanuele Gentili (emgent)
** Changed in: apache2 (Ubuntu Hardy)
Assignee: (unassigned) => Emanuele Gentili (emgent)
--
CVE-20
Security issue in Intrepid Ibex fixed by Chuck Short with Debian Merge.
** Attachment removed: "intrepid_apache2_2.2.8-4ubuntu3.debdiff"
http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/
Packages should build-depend on libdb-dev, not a specific version. The
new standard db version in Intrepid is 4.7, we shouldn't proliferate
4.6.
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubun
** Changed in: apache2 (Ubuntu Feisty)
Importance: Undecided => High
Status: New => In Progress
** Changed in: apache2 (Ubuntu Gutsy)
Importance: Undecided => High
Status: New => In Progress
** Changed in: apache2 (Ubuntu Hardy)
Importance: Undecided => High
Status:
fixed in 2.2.9, which has been uploaded to Debian
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.
** Attachment added: "intrepid_apache2_2.2.8-4ubuntu3.debdiff"
http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ub
libdb4.6-dev (source: db4.6) is in intrepid again (and should appear
soon on the archive).
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bu
according to CVE/upstream dapper apache2 version not affected.
[EMAIL PROTECTED]:~$ rmadison apache2
apache2 | 2.0.55-4ubuntu2 |dapper | source, amd64, i386, powerpc
apache2 | 2.0.55-4ubuntu2.3 | dapper-security | source, amd64, i386, powerpc
apache2 | 2.0.55-4ubuntu2.3 | dapper-u
@Pitti: can you write here when you solve libdb4.6-dev problem in
intrepid?
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Attachment added: "feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff"
http://launchpadlibrarian.net/15294355/feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff
** Changed in: apache2 (Ubuntu)
Status: Confirmed => In Progress
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://b
** Attachment added: "hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff"
http://launchpadlibrarian.net/15293694/hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you ar
** Attachment added: "gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff"
http://launchpadlibrarian.net/15293240/gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you ar
UPSTREAM FIX:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
--
CVE-2008-2364 Apache2 mod_proxy_http.c DOS
https://bugs.launchpad.net/bugs/239894
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Intrepid fix avaiable by upstream and work fine to solve the problem.
Actually build faild:
libaprutil1-dev: Depends: libdb4.6-dev but it is not installable
more info:
https://edge.launchpad.net/ubuntu/intrepid/i386/libdb4.6-dev
(i will attach it later)
--
CVE-2008-2364 Apache2 mod_proxy_ht
30 matches
Mail list logo
