Re: Bug#257775: AddDefaultCharset default setting is misleading
Hi Marc,

On Tue, 6 Jul 2004, [utf-8] Marc Dequènes wrote:

> Package: apache
> Severity: minor
>
> Coin,
>
> Default setting is on by default, so apache force a specific encoding. Most users, and some not complete newbie, are unable to understand why their site is not working as expected, and some (kov) may wonder why their browser is not rendering it properly.
>
> As activating this setting is pretty much unuseful for a large majority of users, i suggest deactivating it in future release.

This thing has been discussed over and over. This is the last reference to it:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211889&archive=yes

Since setting AddDefaultCharset off can imply security problem we will never switch it to off. For more information please check the previous URL and the apache documentation on httpd.apache.org

Thanks
Fabio

PS I am closing this bug.

--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
Bug#256713: marked as done (Apache security update made my website disappear)
Your message dated Tue, 6 Jul 2004 09:22:37 +0200 (CEST) with message-id [EMAIL PROTECTED] and subject line Bug#256713: Apache security update made my website disappear has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Mon, 28 Jun 2004 18:07:56 +0100
From: [EMAIL PROTECTED] (Ian Jackson)
To: [EMAIL PROTECTED]
X-Debian-CC: Jacob Nevins [EMAIL PROTECTED]
Subject: Apache security update made my website disappear

Package: apache
Version: 1.3.26-0woody5

The security update to apache changed my httpd.conf and srm.conf in a way that meant my system's website disappeared.

I did get offered `Save these changes to the configuration files? [Y/n] ' and said yes, but:

* Security updates should be safe. In particular, security updates should be doable with less care, checking, presence of mind, etc. etc. than an elective upgrade.
* The default should not be to override a user-changed configuration.
* The default should not be to disable an existing website by changing the DocumentRoot to the Debian default.
* The question was preceded by a large amount of largely irrelevant messages.

Transcript below.

Ian.

Do you want to install the files fetched [y]:
Installing files...
(Reading database ... 71673 files and directories currently installed.)
Preparing to replace apache-doc 1.3.26-0woody3 (using .../apache-doc_1.3.26-0woody5_all.deb) ...
Unpacking replacement apache-doc ...
Preparing to replace apache-common 1.3.26-0woody3 (using .../apache-common_1.3.26-0woody5_i386.deb) ...
Unpacking replacement apache-common ...
Preparing to replace apache 1.3.26-0woody3 (using .../apache_1.3.26-0woody5_i386.deb) ...
Unpacking replacement apache ...
Setting up apache-doc (1.3.26-0woody5) ...
Setting up apache-common (1.3.26-0woody5) ...
Setting up apache (1.3.26-0woody5) ...
update-rc.d: warning: /etc/rc2.d/S75apache is not a link to ../init.d/apache
update-rc.d: warning: /etc/rc3.d/S75apache is not a link to ../init.d/apache
update-rc.d: warning: /etc/rc4.d/S75apache is not a link to ../init.d/apache
Apache has switched to using logrotate. However, some of your logs are stored outside the /var/log/apache directory, so you should edit /etc/logrotate.d/apache to have them automatically rotated.
Adding alias /doc/ - /usr/share/doc/ to srm.conf (for Debian docs).
Your config files will not be modified until you select Y at save changes.
The DocumentRoot is set to /var/www.
Leaving existing site /var/www/index.html untouched.
Finding DSO mods...found.
# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
# LoadModule env_module /usr/lib/apache/1.3/mod_env.so
| LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so
# LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
# LoadModule info_module /usr/lib/apache/1.3/mod_info.so
LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so
LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so
# LoadModule action_module /usr/lib/apache/1.3/mod_actions.so
# LoadModule speling_module
Re: Bug#257775: AddDefaultCharset default setting is misleading
Coin,

> Since setting AddDefaultCharset off can imply security problem we will never switch it to off. For more information please check the previous URL and the apache documentation on httpd.apache.org

I'm OK with all this. May i suggest you add a small note in 'README.Debian' with links (especially http://httpd.apache.org/info/css-security/encoding_examples.html) so as people to understand and not reopen a bug when the old ones are archived ?

Thx for this explanation.

BTW, thanks a lot for your work on IPv6 enabled apache.

--
Marc Dequènes (Duck)
Re: Bug#257775: AddDefaultCharset default setting is misleading
On Tue, 6 Jul 2004, [utf-8] Marc Dequènes wrote:

> Coin,
>
>> Since setting AddDefaultCharset off can imply security problem we will never switch it to off. For more information please check the previous URL and the apache documentation on httpd.apache.org
>
> I'm OK with all this. May i suggest you add a small note in 'README.Debian' with links (especially http://httpd.apache.org/info/css-security/encoding_examples.html) so as people to understand and not reopen a bug when the old ones are archived ?

sure.. that's actually a good idea...

> Thx for this explanation.

no problem...

> BTW, thanks a lot for your work on IPv6 enabled apache.

eh if i only had the time to give them the love they deserve :(

Fabio

--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
Re: Bug#257775: AddDefaultCharset default setting is misleading
On Tue, Jul 06, 2004 at 07:10:10AM +0200, Fabio Massimo Di Nitto wrote:

> This thing has been discussed over and over. This is the last reference to it:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211889&archive=yes
>
> Since setting AddDefaultCharset off can imply security problem we will never switch it to off. For more information please check the previous URL and the apache documentation on httpd.apache.org

I think the real bug here is in the html specification -- it says the server's setting overrides the document's setting, which just seems daft.

My understanding of the security problem is that you need to always set _some_ charset encoding. So I think it'd be a good idea to always set utf-8 rather than latin1 in new installations.

--
Next the statesmen will invent cheap lies, putting the blame upon the nation that is attacked, and every man will be glad of those conscience-soothing falsities, and will diligently study them, and refuse to examine any refutations of them; and thus he will by and by convince himself that the war is just, and will thank God for the better sleep he enjoys after this process of grotesque self-deception. -- Mark Twain
Re: Bug#257775: AddDefaultCharset default setting is misleading
On Tue, 6 Jul 2004, Matthew Wilcox wrote:

> On Tue, Jul 06, 2004 at 07:10:10AM +0200, Fabio Massimo Di Nitto wrote:
>
>> This thing has been discussed over and over. This is the last reference to it:
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211889&archive=yes
>>
>> Since setting AddDefaultCharset off can imply security problem we will never switch it to off. For more information please check the previous URL and the apache documentation on httpd.apache.org
>
> I think the real bug here is in the html specification -- it says the server's setting overrides the document's setting, which just seems daft.
>
> My understanding of the security problem is that you need to always set _some_ charset encoding. So I think it'd be a good idea to always set utf-8 rather than latin1 in new installations.

The reason why i didn't change default setting is because all the internal error pages uses latin1 (AddDefaultCharset on) and i didn't want to create a discrepancy between the config and the internal pages.

Fabio

--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
Re: Bug#257775: AddDefaultCharset default setting is misleading
On Tue, Jul 06, 2004 at 04:41:28PM +0200, Fabio Massimo Di Nitto wrote:

> The reason why i didn't change default setting is because all the internal error pages uses latin1 (AddDefaultCharset on) and i didn't want to create a discrepancy between the config and the internal pages.

I didn't realise they used anything outside of ascii.

--
Next the statesmen will invent cheap lies, putting the blame upon the nation that is attacked, and every man will be glad of those conscience-soothing falsities, and will diligently study them, and refuse to examine any refutations of them; and thus he will by and by convince himself that the war is just, and will thank God for the better sleep he enjoys after this process of grotesque self-deception. -- Mark Twain
Re: Bug#257775: AddDefaultCharset default setting is misleading
On Tue, 6 Jul 2004, Fabio Massimo Di Nitto wrote:

> On Tue, 6 Jul 2004, [utf-8] Marc Dequènes wrote:
>
>> Coin,
>>
>>> Since setting AddDefaultCharset off can imply security problem we will never switch it to off. For more information please check the previous URL and the apache documentation on httpd.apache.org
>>
>> I'm OK with all this. May i suggest you add a small note in 'README.Debian' with links (especially http://httpd.apache.org/info/css-security/encoding_examples.html) so as people to understand and not reopen a bug when the old ones are archived ?

It's now added to the README.Debian and it will be part of the next apache upload.

Fabio

--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
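Added example, not part of the mailing-list thread above and not Debian or Apache code: a small audit that models what the thread argues about, namely that a charset in the HTTP header overrides the document's own declaration and that a response with no declared charset leaves the browser to guess. The function names and sample pages are constructed for illustration; apache_content_type() is a simplified model of the documented AddDefaultCharset behaviour (On means iso-8859-1, applied only to text/plain and text/html responses that carry no charset).

```python
import re
from email.message import Message

# Find a <meta ... charset=...> declaration near the top of the document.
_META_RE = re.compile(
    rb"""<meta[^>]+charset\s*=\s*["']?\s*([A-Za-z0-9._:-]+)""", re.IGNORECASE)

# Constructed sample documents (not taken from the thread).
PAGE_NO_META = b"<html><head><title>t</title></head><body>hello</body></html>"
PAGE_UTF8_META = (b'<html><head><meta http-equiv="Content-Type" '
                  b'content="text/html; charset=utf-8"></head>'
                  b"<body>caf\xc3\xa9</body></html>")


def header_charset(content_type):
    """Return the lower-cased charset parameter of a Content-Type value, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    value = msg.get_param("charset")
    return value.lower() if isinstance(value, str) else None


def meta_charset(body):
    """Return the charset declared by a <meta> tag in the first 1024 bytes, or None."""
    match = _META_RE.search(body[:1024])
    return match.group(1).decode("ascii").lower() if match else None


def apache_content_type(media_type, add_default_charset):
    """Simplified model: the Content-Type sent for a given AddDefaultCharset value."""
    setting = add_default_charset.strip().lower()
    if setting == "off":
        return media_type
    base = media_type.split(";")[0].strip().lower()
    if base not in ("text/plain", "text/html") or header_charset(media_type):
        return media_type  # directive only fills in a missing charset
    charset = "iso-8859-1" if setting == "on" else setting
    return "%s; charset=%s" % (media_type, charset)


def audit(content_type, body):
    """Return (effective_charset, source, findings) for one response."""
    findings = []
    from_header = header_charset(content_type)
    from_meta = meta_charset(body)
    if from_header:
        if from_meta and from_meta != from_header:
            findings.append("header charset %s overrides document's %s"
                            % (from_header, from_meta))
        return from_header, "http-header", findings
    if from_meta:
        return from_meta, "meta", findings
    findings.append("no charset declared: browser will guess the encoding")
    return None, "sniffed", findings


if __name__ == "__main__":
    cases = [("Off", PAGE_NO_META), ("On", PAGE_UTF8_META), ("utf-8", PAGE_UTF8_META)]
    for setting, page in cases:
        sent = apache_content_type("text/html", setting)
        print("AddDefaultCharset %-5s -> %-32s %r" % (setting, sent, audit(sent, page)))
```

The second case is the situation reported in Bug#257775 (a UTF-8 page served with a forced iso-8859-1 header); the first is the undeclared-charset case the maintainers refuse to make the default.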
Processed: Re: Bug#257566: [INTL:tr] Turkish po-debconf translation
Processing commands for [EMAIL PROTECTED]: tag 257566 pending Bug#257566: [INTL:tr] Turkish po-debconf translation Tags were: l10n patch Tags added: pending stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#257566: [INTL:tr] Turkish po-debconf translation
tag 257566 pending
stop

On Sun, 4 Jul 2004, Recai Oktas wrote:

> Package: apache
> Severity: wishlist
> Tags: patch l10n
>
> Hi,
>
> Please find attached the Turkish po-debconf translation. Thanks Deniz Bahadir Gur.
>
> Regards,

Hi,
thanks for the translation! It is included in our CVS now and it will be part of the next upload.

Fabio

--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
Processed: tagging
Processing commands for [EMAIL PROTECTED]: tag 257108 pending Bug#257108: README.* lack information on why /var/lib/apache/mod-bandwidth/ is world writable There were no tags set. Tags added: pending stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Re: Bug#256982: Upgrade of Apache fails due to configuration syntax error.
On Wed, 30 Jun 2004, David Grant wrote:

>> Can you kindly post the relevant bits of the configuration? otherwise tar them all up and send them to me.
>
> Just rebooted to take advantage of kernel 2.6.6 and the problem is resolved. It would seem pointless to send the conf. now, but I can if you would like.

Hi David,
i couldn't reproduce the problem here. I am closing this bug but please feel free to reopen it if you encounter the same problem again.

Thanks a lot for your help. Too bad we couldn't see what was wrong.

Fabio

--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
Re: Bug#256982: Upgrade of Apache fails due to configuration syntax error.
Fabio et al,

Fabio Massimo Di Nitto wrote:

> Hi David, i couldn't reproduce the problem here. I am closing this bug but please feel free to reopen it if you encounter the same problem again.

Will do.

> Thanks a lot for your help. Too bad we couldn't see what was wrong.

Thanks for the *extremely* professional response. I was very impressed. This kind of performance can only do the Debian project good.

Regards,
David
Bug#256982: marked as done (Upgrade of Apache fails due to configuration syntax error.)
Your message dated Tue, 6 Jul 2004 18:01:57 +0200 (CEST) with message-id [EMAIL PROTECTED] and subject line Bug#256982: Upgrade of Apache fails due to configuration syntax error. has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Wed, 30 Jun 2004 10:10:03 +0100
From: David Grant [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Upgrade of Apache fails due to configuration syntax error.

Package: apache
Version: 1.3.31-2

When attempting to dist-upgrade apache in sid, I received the following error.

Setting up apache (1.3.31-2) ...
Configuration syntax error detected. Not reloading.
Syntax error on line 108 of /etc/apache/httpd.conf:
<IfModule> directive missing closing '>'
invoke-rc.d: initscript apache, action start failed.
dpkg: error processing apache (--configure):
 subprocess post-installation script returned error exit status 1

I have looked through http.conf but cannot find the line referenced. Line 180 is a single #.

Kernel: Linux 2.4.26-1-386 #2 Sat May 1 16:31:24 EST 2004 i686 GNU/Linux

Dependencies:
libc6 2.3.2.ds1-1
libdb2 2.7.7.0-9
libexpat1 1.95.6-8
mime-support 3.26-1
apache-common 1.3.31-2
perl 5.8.4-2
logrotate 3.7-2
dpkg 1.10.22

---
Date: Tue, 6 Jul 2004 18:01:57 +0200 (CEST)
From: Fabio Massimo Di Nitto [EMAIL PROTECTED]
To: David Grant [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], Debian Apache Maintainers debian-apache@lists.debian.org
Subject: Re: Bug#256982: Upgrade of Apache fails due to configuration syntax error.

On Wed, 30 Jun 2004, David Grant wrote:

>> Can you kindly post the relevant bits of the configuration? otherwise tar them all up and send them to me.
>
> Just rebooted to take advantage of kernel 2.6.6 and the problem is
Bug#257945: apache2-common: wrong behaviour when downloading .php files using webdav and mod_dav
Package: apache2-common
Version: 2.0.49-1
Severity: grave
Justification: renders package unusable

I recently upgraded from apache1 to apache2, mainly due the fact that apache2 is needed for subversion. Anyway, I use mod_dav to access the files on my virtual hosts, but I experienced this bad behaviour: when I download a .php file, the source is not downloaded but instead it seems like the output of the php processing is taken, as if it was a normal http request. The same configuration worked well with apache1 and mod_dav.

Here is an excerpt of my config:

<VirtualHost *:80>
    ServerName mysite.com
    <Location />
        Dav On
        AuthType Basic
        AuthName "Auth Required"
        AuthUserFile users.basic
        Options Indexes FollowSymLinks
        <Limit DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
            Require user myuser
        </Limit>
    </Location>
</VirtualHost>

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8

Versions of packages apache2-common depends on:
ii  debconf       1.4.28        Debian configuration management sy
ii  debianutils   2.8.3         Miscellaneous utilities specific t
ii  libapr0       2.0.49-1      The Apache Portable Runtime
ii  libc6         2.3.2.ds1-13  GNU C Library: Shared libraries an
ii  libdb4.2      4.2.52-16     Berkeley v4.2 Database Libraries [
ii  libexpat1     1.95.6-8      XML parsing C library - runtime li
ii  libldap2      2.1.23-1      OpenLDAP libraries
ii  libmagic1     4.09-1        File type determination library us
ii  libssl0.9.7   0.9.7d-3      SSL shared libraries
ii  mime-support  3.26-1        MIME files 'mime.types' 'mailcap
ii  net-tools     1.60-10       The NET-3 networking toolkit
ii  openssl       0.9.7d-3      Secure Socket Layer (SSL) binary a
ii  ssl-cert      1.0-7         Simple debconf wrapper for openssl
ii  zlib1g        1:1.2.1.1-3   compression library - runtime

-- no debconf information
Processing of apache2_2.0.50-1_sparc.changes
apache2_2.0.50-1_sparc.changes uploaded successfully to localhost along with the files: apache2_2.0.50-1.dsc apache2_2.0.50.orig.tar.gz apache2_2.0.50-1.diff.gz apache2-doc_2.0.50-1_all.deb apache2-prefork-dev_2.0.50-1_all.deb apache2-threaded-dev_2.0.50-1_all.deb apache2-common_2.0.50-1_sparc.deb apache2-mpm-worker_2.0.50-1_sparc.deb apache2-mpm-threadpool_2.0.50-1_sparc.deb apache2-mpm-perchild_2.0.50-1_sparc.deb apache2-mpm-prefork_2.0.50-1_sparc.deb libapr0_2.0.50-1_sparc.deb libapr0-dev_2.0.50-1_sparc.deb apache2_2.0.50-1_sparc.deb Greetings, Your Debian queue daemon
Bug#256963: marked as done (apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493))
Your message dated Wed, 7 Jul 2004 00:04:57 +0100 with message-id [EMAIL PROTECTED] and subject line Bug#256963: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493) has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Hideki Yamane [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493)
Date: Wed, 30 Jun 2004 17:19:47 +0900

Package: apache2
Severity: normal
Tags: security

Dear apache2 maintainer team,

Probably you know, but FYI. (I cannot find discussion in debian-apache ML and new packages in incoming, so I posted this in BTS. This post makes users to track security issue more easier, I think).

Georgi Guninski found security flaw about DoS attack in apache 2.0.49. (http://www.guninski.com/httpd1.html) and patch is here.

http://www.apache.org/dist/httpd/patches/apply_to_2.0.49/CAN-2004-0493.patch

Is there any plan to apply this patch? If I had overlooked your working about this issue, please let me know what I should see.

--
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp

---
Date: Wed, 7 Jul 2004 00:04:57 +0100
From: Thom May [EMAIL PROTECTED]
To: Hideki Yamane [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Bug#256963: apache2: DoS in apache httpd 2.0.49 issue (CAN-2004-0493)

I just uploaded 2.0.50 which fixes this.
-Thom
apache2_2.0.50-1_sparc.changes REJECTED
Rejected: Unknown distribution `UNRELEASED'. === If you don't understand why your files were rejected, or if the override file requires editing, reply to this email.
Processing of apache2_2.0.50-1_sparc.changes
apache2_2.0.50-1_sparc.changes uploaded successfully to localhost along with the files: apache2_2.0.50-1.dsc apache2_2.0.50.orig.tar.gz apache2_2.0.50-1.diff.gz apache2-doc_2.0.50-1_all.deb apache2-prefork-dev_2.0.50-1_all.deb apache2-threaded-dev_2.0.50-1_all.deb apache2-common_2.0.50-1_sparc.deb apache2-mpm-worker_2.0.50-1_sparc.deb apache2-mpm-threadpool_2.0.50-1_sparc.deb apache2-mpm-perchild_2.0.50-1_sparc.deb apache2-mpm-prefork_2.0.50-1_sparc.deb libapr0_2.0.50-1_sparc.deb libapr0-dev_2.0.50-1_sparc.deb apache2_2.0.50-1_sparc.deb Greetings, Your Debian queue daemon
apache2_2.0.50-1_sparc.changes is NEW
apache2-common_2.0.50-1_sparc.deb
  to pool/main/a/apache2/apache2-common_2.0.50-1_sparc.deb
apache2-doc_2.0.50-1_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.50-1_all.deb
apache2-mpm-perchild_2.0.50-1_sparc.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.50-1_sparc.deb
apache2-mpm-prefork_2.0.50-1_sparc.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.50-1_sparc.deb
apache2-mpm-threadpool_2.0.50-1_sparc.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-1_sparc.deb
apache2-mpm-worker_2.0.50-1_sparc.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.50-1_sparc.deb
apache2-prefork-dev_2.0.50-1_all.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.50-1_all.deb
apache2-threaded-dev_2.0.50-1_all.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.50-1_all.deb
apache2_2.0.50-1.diff.gz
  to pool/main/a/apache2/apache2_2.0.50-1.diff.gz
apache2_2.0.50-1.dsc
  to pool/main/a/apache2/apache2_2.0.50-1.dsc
(new) apache2_2.0.50-1_sparc.deb optional www
Next generation, scalable, extendable web server
 Apache v2 is the next generation of the omnipresent Apache web server. This version - a total rewrite - introduces many new improvements, such as threading, a new API, IPv6 support, request/response filtering, and more.
apache2_2.0.50.orig.tar.gz
  to pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
libapr0-dev_2.0.50-1_sparc.deb
  to pool/main/a/apache2/libapr0-dev_2.0.50-1_sparc.deb
libapr0_2.0.50-1_sparc.deb
  to pool/main/a/apache2/libapr0_2.0.50-1_sparc.deb

Changes:
apache2 (2.0.50-1) unstable; urgency=medium
 .
 * New upstream release, fixes [CAN-2004-0493] and [CAN-2004-0488]
 * The I can't believe you're late to your own raid release
 * Check whether verbose is on or off in rcS's config (Closes: #242351)
 * Add an apache2 metapackage (Closes: #234955)
 * Specifically disable /~root (Closes: #246139)
 * Stop the daemon in prerm (Closes: #245488)
 * Redirect /doc/apache2-doc/manual to /manual so the correct magic happens (Closes: #248038)
 * Update SSL config to current upstream (Closes: #234591,#231147)
 * No longer install default cgis - they're already shipped in -doc as examples. (Closes: #231665)
 * Tighten regex for Include (Closes: #234489)
 * Remove ext-filter.load since we ship ext_filter.load too (Closes: #249268)
 * Enable userdir as a shared module (Closes: #251102, #246134)
 * OSKURO SUCKS (otherwise known as: not a bug) (Closes: #208569)
 * Create /var/lib/apache2 (Closes: #242169)
 * Remove 'AddDefaultCharset' line from apache2.conf (Suggestion from Marco D'Itri)

Announcing to debian-devel-changes@lists.debian.org
Closing bugs: 208569 231147 231665 234489 234591 234955 242169 242351 245488 246134 246139 248038 249268 251102

Your package contains new components which requires manual editing of the override file. It is ok otherwise, so please be patient. New packages are usually added to the override file about once a week.

You may have gotten the distribution wrong. You'll get warnings above if files already exist in other distributions.