Your message dated Sat, 27 Jun 2009 16:04:31 +0000 with message-id <e1mkaof-00013k...@ries.debian.org> and subject line Bug#523054: fixed in libapache-mod-jk 1:1.2.26-2+lenny1 has caused the Debian Bug report #523054, regarding libapache2-mod-jk: [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 523054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523054 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libapache2-mod-jk Version: 1:1.2.26-2 Severity: grave Tags: security Justification: user security hole The Apache Tomcat Security Team has released the following advisory : Vulnerability announcement: CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: mod_jk 1.2.0 to 1.2.26 Description: Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly may permit one user to view the response associated with a different user's request. Mitigation: Upgrade to mod_jk 1.2.27 or later Example: See description Credit: This issue was discovered by the Red Hat Security Response Team References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-jk.html -- Damien Raude-Morvansignature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: libapache-mod-jk Source-Version: 1:1.2.26-2+lenny1 We believe that the bug you reported is fixed in the latest version of libapache-mod-jk, which is due to be installed in the Debian FTP archive: libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb to pool/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb libapache-mod-jk_1.2.26-2+lenny1.diff.gz to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.diff.gz libapache-mod-jk_1.2.26-2+lenny1.dsc to pool/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.dsc libapache2-mod-jk_1.2.26-2+lenny1_i386.deb to pool/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 523...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <s...@debian.org> (supplier of updated libapache-mod-jk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 31 May 2009 20:33:52 +0200 Source: libapache-mod-jk Binary: libapache2-mod-jk libapache-mod-jk-doc Architecture: source i386 all Version: 1:1.2.26-2+lenny1 Distribution: stable-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Stefan Fritsch <s...@debian.org> Description: libapache-mod-jk-doc - Documentation of libapache2-mod-jk package libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine Closes: 523054 Changes: libapache-mod-jk (1:1.2.26-2+lenny1) stable-security; urgency=high . * Non-maintainer upload by the security-team. * CVE-2008-5519: Fix information disclosure vulnerability when clients abort connection before sending POST body (closes: #523054). Checksums-Sha1: a13a270b5dc2af1382b3fe30fa3452706984a195 1336 libapache-mod-jk_1.2.26-2+lenny1.dsc e0eacd0c86b25b4f97181b77c73865143a93124f 12187 libapache-mod-jk_1.2.26-2+lenny1.diff.gz c4a1bef1c13d6253c2c3f6d86aebe0b1f288e0e0 109874 libapache2-mod-jk_1.2.26-2+lenny1_i386.deb de0d7a8b1bc59a9c08d153d90dbd11662ac04448 169998 libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb 08d577fd517283182bf1ef491ab31ed1fe5fa0fe 1442605 libapache-mod-jk_1.2.26.orig.tar.gz Checksums-Sha256: 22145f0736fe73f22ed8a5611f417d82dccdf3e7e8ca4ded2330983b42da387f 1336 libapache-mod-jk_1.2.26-2+lenny1.dsc a5a555170c1539983e1a8e73f421606815af67916ea98f73eff77dbf321b96ab 12187 libapache-mod-jk_1.2.26-2+lenny1.diff.gz 2bb9e40b30f42f8202486812f73123637632a25ae8351d2ee1eee1b94d69a80f 109874 libapache2-mod-jk_1.2.26-2+lenny1_i386.deb 803637f7c7ac6c7bd6eaa4aeb9ec455b50d1bfe169bd899ad4f95d6a862df574 169998 libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb 75c2ef701622394536be2e0a2e5cf38330e8bb1078d683a733769a8c49a5381a 1442605 libapache-mod-jk_1.2.26.orig.tar.gz Files: 7070da05cbe8200e7d92dbfe9228ab0e 1336 web optional libapache-mod-jk_1.2.26-2+lenny1.dsc 8b6e6b0abd76bae90c99c50ab1fee027 12187 web optional libapache-mod-jk_1.2.26-2+lenny1.diff.gz bf54bb8f3489715932e5a07739a63dc4 109874 web optional libapache2-mod-jk_1.2.26-2+lenny1_i386.deb d31f4efe7b78e94bf1c7cffabce17c6b 169998 doc optional libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb feaec245136bc4d99a9dde95a00ea93c 1442605 web optional libapache-mod-jk_1.2.26.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKIuT1bxelr8HyTqQRAjQCAJ9YZjFlq8QLidjlI3f3JxDM5l9YpACg0lrf KH83Gor8WxQVmRgfTBKokHo= =syoX -----END PGP SIGNATURE-----
--- End Message ---