apache2_2.2.3-4+etch6_i386.changes ACCEPTED

[Debian Installer]

Accepted:
apache2-doc_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.3-4+etch6_all.deb
apache2-mpm-event_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch6_i386.deb
apache2-mpm-perchild_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch6_all.deb
apache2-mpm-prefork_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch6_i386.deb
apache2-mpm-worker_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch6_i386.deb
apache2-prefork-dev_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch6_i386.deb
apache2-src_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-src_2.2.3-4+etch6_all.deb
apache2-threaded-dev_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch6_i386.deb
apache2-utils_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.3-4+etch6_i386.deb
apache2.2-common_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch6_i386.deb
apache2_2.2.3-4+etch6.diff.gz
  to pool/main/a/apache2/apache2_2.2.3-4+etch6.diff.gz
apache2_2.2.3-4+etch6.dsc
  to pool/main/a/apache2/apache2_2.2.3-4+etch6.dsc
apache2_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2_2.2.3-4+etch6_all.deb


Override entries for your package:
apache2-doc_2.2.3-4+etch6_all.deb - optional doc
apache2-mpm-event_2.2.3-4+etch6_i386.deb - optional web
apache2-mpm-perchild_2.2.3-4+etch6_all.deb - optional web
apache2-mpm-prefork_2.2.3-4+etch6_i386.deb - optional web
apache2-mpm-worker_2.2.3-4+etch6_i386.deb - optional web
apache2-prefork-dev_2.2.3-4+etch6_i386.deb - optional devel
apache2-src_2.2.3-4+etch6_all.deb - extra devel
apache2-threaded-dev_2.2.3-4+etch6_i386.deb - optional devel
apache2-utils_2.2.3-4+etch6_i386.deb - optional web
apache2.2-common_2.2.3-4+etch6_i386.deb - optional web
apache2_2.2.3-4+etch6.dsc - optional web
apache2_2.2.3-4+etch6_all.deb - optional web

Announcing to [EMAIL PROTECTED]
Closing bugs: 470652 489899 


Thank you for your contribution to Debian.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#489899: marked as done (apache2-utils htpasswd bogus compromised md5 factor)

[Debian Bug Tracking System]

Your message dated Mon, 08 Sep 2008 07:52:21 +
with message-id [EMAIL PROTECTED]
and subject line Bug#489899: fixed in apache2 2.2.3-4+etch6
has caused the Debian Bug report #489899,
regarding apache2-utils htpasswd bogus compromised md5 factor
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
489899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489899
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
---BeginMessage---
Package: apache2-utils
Version: 2.2.3-4+etch4
Severity: normal


Version 2.2.3-4+etch4 of apache2-utils contains an `htpasswd`
that does this:

  [EMAIL PROTECTED]:~$ htpasswd -mbn foo bar
  foo:$apr1$.C9HN...$VJYoF1cM6sqQkjgiltBWA1

  [EMAIL PROTECTED]:~$ htpasswd -mbn foo bar
  foo:$apr1$efQG5/..$nBF0.shj9dPcq9ES/5X4c1

  [EMAIL PROTECTED]:~$ htpasswd -mbn foo bar
  foo:$apr1$/lc/X...$9BYnNWXTOxIgtkwNbY5O4/

The 8-byte factor always ends in '...' or '/..'.

Does this restrict the hash space so it can be more easily cracked?

The new version in lenny (2.2.9-2) does not have this problem.  
The 8-byte factor in $1 of / \$apr1\$ (.*?) \$ .* /mxs seems 
totally random in newer versions.

Mark

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.17-linode43
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages apache2-utils depends on:
ii  lib 1.2.7-8.2The Apache Portable Runtime Librar
ii  lib 1.2.7+dfsg-2 The Apache Portable Runtime Utilit
ii  lib 2.7-10   GNU C Library: Shared libraries
ii  lib 4.4.20-8 Berkeley v4.4 Database Libraries [
ii  lib 1.95.8-3.4   XML parsing C library - runtime li
ii  lib 2.1.30-13.3  OpenLDAP libraries
ii  lib 6.7+7.4-4Perl 5 Compatible Regular Expressi
ii  lib 8.1.11-0etch1PostgreSQL C client library
ii  lib 3.3.8-1.1SQLite 3 shared library
ii  lib 0.9.8g-10.1  SSL shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 universally unique id library

apache2-utils recommends no packages.

-- no debconf information


---End Message---
---BeginMessage---
Source: apache2
Source-Version: 2.2.3-4+etch6

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-doc_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.3-4+etch6_all.deb
apache2-mpm-event_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch6_i386.deb
apache2-mpm-perchild_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch6_all.deb
apache2-mpm-prefork_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch6_i386.deb
apache2-mpm-worker_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch6_i386.deb
apache2-prefork-dev_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch6_i386.deb
apache2-src_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-src_2.2.3-4+etch6_all.deb
apache2-threaded-dev_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch6_i386.deb
apache2-utils_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.3-4+etch6_i386.deb
apache2.2-common_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch6_i386.deb
apache2_2.2.3-4+etch6.diff.gz
  to pool/main/a/apache2/apache2_2.2.3-4+etch6.diff.gz
apache2_2.2.3-4+etch6.dsc
  to pool/main/a/apache2/apache2_2.2.3-4+etch6.dsc
apache2_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2_2.2.3-4+etch6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch [EMAIL PROTECTED] (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.7
Date: Sat, 06 Sep 2008 11:35:16 +0200
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 

Bug#307798: Best, worst places to livve??

[Contos Milette]

   
  

Of brant, that red jacket had vowed fidelity to drinking
strong tea and sitting in a darkened clothes, of fashions
from paris, of little shops were thinly veiled endorsements
of southward expansion. Turned aside into the bushes, so
as to come out.   

Bug#156972: GGood for what ails you -- Finnns go ice swimming

[Kasinger Traycheff]

  
   
Of innumerable joyous days of gentlemen galloping i bought
a woolly animal for one of my nieces. Whaashi... I beg your
pardon? The usual silence i went round and saw my cases
early. But, there, sipping chocolate with a spoon. What
w'y are ye.