Bug#271933: marked as done (CAN-2004-0786: apr_uri_parse() buffer overflow)

2004-09-16 Thread Debian Bug Tracking System
Your message dated Thu, 16 Sep 2004 12:02:29 +0100
with message-id [EMAIL PROTECTED]
and subject line Fixed in incoming
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
From: Florian Weimer [EMAIL PROTECTED]
To: Debian Bug Tracking System [EMAIL PROTECTED]
Subject: CAN-2004-0786: apr_uri_parse() buffer overflow
X-Mailer: reportbug 2.64
Date: Thu, 16 Sep 2004 10:02:56 +0200

Package: libapr0
Version: 2.0.50-12
Severity: grave
Tags: security
Justification: user security hole

Uniras has reported a vulnerability in apr-util:

http://www.uniras.gov.uk/vuls/2004/403518/index.htm

The identified vulnerability is in the apr-util library; the
apr_uri_parse function in the apr-util library lacks input validation on
IPv6 literal addresses, which can result in a negative length parameter
being passed to memcpy.

It's likely that this bug affects Subversion.

---
Date: Thu, 16 Sep 2004 12:02:29 +0100
From: Thom May [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Fixed in incoming

apache2 2.0.51-1 is in incoming currently which fixes this and the other two
recent CAN announcements.
-Thom

-- 
That sounds like a lot of work... Can we out source?
The Revolution will not be outsourced!
(Slick/Monique - Sinfest)




Bug#271945: apache in woody is missing security patches/updates

2004-09-16 Thread Mark Bryars
Package: apache
Version: 1.3.26-0woody5
Tags: woody, security
In 1.3.28 there is a patch that prevents file descriptors leaking to
child processes; this is not present. This causes processes spawned
by php (in this case 4.1.2-6woody3, not tested 4.1.2-7.0.1 yet) to have
full access to the apache logs, sockets etc.
I suggest this patch could be backported.



Bug#271945: apache in woody is missing security patches/updates

2004-09-16 Thread Matt Zimmerman
Maintainers, please raise the severity of this bug and contact the security
team if this is an urgent issue.

-- 
 - mdz




Bug#271933: CAN-2004-0786: apr_uri_parse() buffer overflow

2004-09-16 Thread Florian Weimer
Package: libapr0
Version: 2.0.50-12
Severity: grave
Tags: security
Justification: user security hole

Uniras has reported a vulnerability in apr-util:

http://www.uniras.gov.uk/vuls/2004/403518/index.htm

The identified vulnerability is in the apr-util library; the
apr_uri_parse function in the apr-util library lacks input validation on
IPv6 literal addresses, which can result in a negative length parameter
being passed to memcpy.

It's likely that this bug affects Subversion.
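
An added illustration of the bug class described in the report above (this is not apr-util's code and not part of the original message): a length derived by stripping the brackets from an IPv6 literal goes negative on malformed input and becomes a huge `memcpy` count. The function names and the two-bracket arithmetic are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical: the length an unchecked parser computes by stripping two
 * brackets from a host of hostlen bytes. For the 1-byte host "[" it is -1. */
long unchecked_literal_len(size_t hostlen)
{
    return (long)hostlen - 2;
}

/* What memcpy() receives when that value is used as its size_t count. */
size_t as_memcpy_count(long len)
{
    return (size_t)len;              /* -1 becomes SIZE_MAX */
}

/* Validated form: copy the address between '[' and ']' into out.
 * Returns the address length, or -1 when the input is rejected. */
int copy_ipv6_literal(const char *host, size_t hostlen,
                      char *out, size_t outsz)
{
    static const char allowed[] = "0123456789abcdefABCDEF:.";

    if (host == NULL || out == NULL || outsz == 0)
        return -1;
    /* Need at least "[x]": both brackets plus one address byte. */
    if (hostlen < 3 || host[0] != '[' || host[hostlen - 1] != ']')
        return -1;

    size_t len = hostlen - 2;        /* cannot wrap: hostlen >= 3 */
    if (len >= outsz)
        return -1;                   /* keep room for the terminating NUL */

    /* Only hex digits, ':' and '.' (embedded IPv4) are accepted. */
    for (size_t i = 0; i < len; i++) {
        char c = host[1 + i];
        if (c == '\0' || strchr(allowed, c) == NULL)
            return -1;
    }
    memcpy(out, host + 1, len);
    out[len] = '\0';
    return (int)len;
}
```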




Re: Bug#271945: apache in woody is missing security patches/updates

2004-09-16 Thread Fabio Massimo Di Nitto
On Thu, 16 Sep 2004, Matt Zimmerman wrote:

> Maintainers, please raise the severity of this bug and contact the security
> team if this is an urgent issue.

Please can we have at least the CAN number and reference? Joey has been
keeping track of this iirc.

Fabio

-- 
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.




Bug#271945: apache in woody is missing security patches/updates

2004-09-16 Thread Matt Zimmerman
On Thu, Sep 16, 2004 at 10:09:19PM +0200, Fabio Massimo Di Nitto wrote:

> On Thu, 16 Sep 2004, Matt Zimmerman wrote:
>
> > Maintainers, please raise the severity of this bug and contact the security
> > team if this is an urgent issue.
>
> Please can we have at least the CAN number and reference? Joey has been
> keeping track of this iirc.

I think this refers to the following upstream changelog entry:

  *) Certain 3rd party modules would bypass the Apache API and not
     invoke ap_cleanup_for_exec() before creating sub-processes.
     To such a child process, Apache's file descriptors (lock
     fd's, log files, sockets) were accessible, allowing them
     direct access to Apache log file etc.  Where the OS allows,
     we now add proactive close functions to prevent these file
     descriptors from leaking to the child processes.
     [Jim Jagielski, Martin Kraemer]

This is a workaround for security bugs in third-party modules (which ones?),
and not a security fix in itself.

-- 
 - mdz
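
An added example, not Apache's code and not part of the thread: one way a parent process can audit which of its descriptors would survive `exec()` and mark them close-on-exec, which is the kind of proactive protection the changelog entry above describes. The function names and the choice to skip descriptors 0-2 are assumptions of the example.

```c
#include <fcntl.h>
#include <unistd.h>

/* Count descriptors in [3, limit) that are open and lack FD_CLOEXEC,
 * i.e. would be inherited by a program started with exec().
 * 0-2 are skipped because children normally need the standard streams. */
int count_inheritable_fds(int limit)
{
    int n = 0;
    for (int fd = 3; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Mark one descriptor close-on-exec. Returns 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;                   /* not an open descriptor */
    if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
        return -1;
    return 0;
}

/* Mark every inheritable descriptor in [3, limit) close-on-exec.
 * Returns the number of descriptors that were changed. */
int protect_all_fds(int limit)
{
    int changed = 0;
    for (int fd = 3; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;                /* closed, or already protected */
        if (set_cloexec(fd) == 0)
            changed++;
    }
    return changed;
}
```

A server would call `protect_all_fds()` after opening its logs, lock files and listening sockets, so that a module that forks and execs without the server's cleanup hook still hands the child none of them.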