Your message dated Fri, 29 Oct 2010 15:32:06 +0000
with message-id <[email protected]>
and subject line Bug#601585: fixed in weborf 0.12.4-1
has caused the Debian Bug report #601585,
regarding weborf: DoS on malformed requests
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
601585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601585
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: weborf
Version: 0.12.3-1
Severity: grave
Tags: security upstream
Justification: user security hole

Example of exploit here:

https://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.4



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35.7-calipso (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages weborf depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib

weborf recommends no packages.

Versions of packages weborf suggests:
ii  php5-cgi                      5.3.3-2    server-side, HTML-embedded scripti

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: weborf
Source-Version: 0.12.4-1

We believe that the bug you reported is fixed in the latest version of
weborf, which is due to be installed in the Debian FTP archive:

weborf-daemon_0.12.4-1_all.deb
  to main/w/weborf/weborf-daemon_0.12.4-1_all.deb
weborf_0.12.4-1.debian.tar.gz
  to main/w/weborf/weborf_0.12.4-1.debian.tar.gz
weborf_0.12.4-1.dsc
  to main/w/weborf/weborf_0.12.4-1.dsc
weborf_0.12.4-1_i386.deb
  to main/w/weborf/weborf_0.12.4-1_i386.deb
weborf_0.12.4.orig.tar.gz
  to main/w/weborf/weborf_0.12.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvo 'LtWorf' Tomaselli <[email protected]> (supplier of updated weborf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 27 Oct 2010 16:01:35 +0200
Source: weborf
Binary: weborf weborf-daemon
Architecture: source i386 all
Version: 0.12.4-1
Distribution: unstable
Urgency: high
Maintainer: Salvo 'LtWorf' Tomaselli <[email protected]>
Changed-By: Salvo 'LtWorf' Tomaselli <[email protected]>
Description: 
 weborf     - Fast and small webserver meant to be run without root privileges
 weborf-daemon - init script for weborf
Closes: 601585
Changes: 
 weborf (0.12.4-1) unstable; urgency=high
 .
   * New upstream release
   * Fixes DoS (Closes: #601585)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzK540ACgkQ5qqQFxOSsXS+4wCeKDGcUHN/6Rjrk8WV1i4ZJRyX
KEgAnivLN8hLGnb51crGuZFnDQcDXAJ9
=CFgr
-----END PGP SIGNATURE-----



--- End Message ---
