Your message dated Thu, 26 Jan 2006 18:38:57 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#349793: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Jan 2006 10:07:17 +0000
Date: Wed, 25 Jan 2006 10:07:15 +0000
From: Stephen Gran <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module

Package: apache-common
Version: 1.3.33-6sarge1
Severity: grave
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

Thanks,

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages apache-common depends on:
ii  apache2-utils            2.0.54-5        utility programs for webservers
ii  debconf                  1.4.30.13       Debian configuration management sy
ii  elinks [www-browser]     0.10.4-7        advanced text-mode WWW browser
ii  libc6                    2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libdb4.2                 4.2.52-18       Berkeley v4.2 Database Libraries [
ii  libexpat1                1.95.8-3        XML parsing C library - runtime li
ii  lynx [www-browser]       2.8.5-2sarge1   Text-mode WWW Browser
ii  mime-support             3.28-1          MIME files 'mime.types' & 'mailcap
ii  mozilla-browser [www-bro 2:1.7.8-1sarge3 The Mozilla Internet application s
ii  perl                     5.8.4-8sarge3   Larry Wall's Practical Extraction
ii  sed                      4.1.2-8         The GNU sed stream editor
ii  ucf                      1.17            Update Configuration File: preserv
ii  w3m [www-browser]        0.5.1-3         WWW browsable pager with excellent

-- debconf information:
* apache-common/confignotes:
  apache-common/old-logrotate-exists:
  apache-common/logs:
  apache-shared/debconf-modules: mod_vhost_alias, mod_userdir, mod_unique_id, mod_status, mod_setenvif, mod_rewrite, mod_negotiation, mod_mime_ssl, mod_mime_magic, mod_log_config_ssl, mod_info, mod_expires, mod_dir, mod_cgi, mod_autoindex, mod_auth_ssl, mod_alias, mod_access, apache-ssl, mod_php4
  apache-shared/restart: false

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                       [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

---------------------------------------
Received: (at 349793-done) by bugs.debian.org; 26 Jan 2006 18:39:00 +0000
Date: Thu, 26 Jan 2006 18:38:57 +0000
From: Stephen Gran <[EMAIL PROTECTED]>
To: Florian Weimer <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#349793: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module

This one time, at band camp, Florian Weimer said:
> * Stephen Gran:
>
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
>
> Uhm, hasn't this been fixed in apache 1.3.34-2 (bug #343466) and
> apache2 2.0.55-4 (bug #343467)?

It may have been - I was working from
http://www.debian.org/security/crossreferences, and CVE-2005-3352 does
not appear on that page, as far as I can tell. My quick glance over the
bug pages for apache and apache2 didn't turn up those bugs, but now I
see them rather obviously, so I am sorry for the waste of your time.

I guess the problem is my template was what has been fixed in sarge, not
what has already been reported and fixed in sid.

Sorry for the noise, closing now.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                       [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------