Bug#316173: marked as done (SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088))
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#316173: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2005 22:49:46 + From [EMAIL PROTECTED] Tue Jun 28 15:49:44 2005 Return-path: [EMAIL PROTECTED] Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DnOtj-0005fj-00; Tue, 28 Jun 2005 15:49:43 -0700 Received: from dsl-082-082-137-197.arcor-ip.net ([82.82.137.197] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DnOo7-0006DV-N0 for [EMAIL PROTECTED]; Wed, 29 Jun 2005 00:43:55 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.51) id 1DnOtX-0001i1-IX; Wed, 29 Jun 2005 00:49:31 +0200 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers X-Mailer: reportbug 3.15 Date: Wed, 29 Jun 2005 00:49:31 +0200 X-Debbugs-Cc: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-SA-Exim-Connect-IP: 82.82.137.197 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: apache2 Severity: grave Tags: security Justification: user security hole Latest 2.1.6-alpha fixes a security in the proxy HTTP code: | The 2.1.6-alpha release addresses a security vulnerability present | in all previous 2.x versions. This fault did not affect Apache 1.3.x | (which did not proxy keepalives or chunked transfer encoding); |Proxy HTTP: If a response contains both Transfer-Encoding |and a Content-Length, remove the Content-Length to eliminate |an HTTP Request Smuggling vulnerability and don't reuse the |connection, stopping some HTTP Request Spoofing attacks. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 316173-close) by bugs.debian.org; 17 Dec 2005 08:11:10 + From [EMAIL PROTECTED] Sat Dec 17 00:11:10 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003C7-9d; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.17 $ Subject: Bug#316173: fixed in apache2 2.0.54-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Sat, 17 Dec 2005 00:05:09 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 3 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
Bug#320048: marked as done (SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268))
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#320048: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 17:11:21 + From [EMAIL PROTECTED] Tue Jul 26 10:11:21 2005 Return-path: [EMAIL PROTECTED] Received: from mail.incase.de [85.10.192.47] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxSxd-0007O9-00; Tue, 26 Jul 2005 10:11:21 -0700 Received: from localhost (localhost [127.0.0.1]) by mail1_1.incase.de (Postfix) with ESMTP id 0C19B251B18 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 19:10:46 +0200 (CEST) Received: from mail.incase.de ([127.0.0.1]) by localhost (mail1.incase.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28020-01 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: from mail2.incase.de (mail.incase.de [85.10.192.47]) by mail.incase.de (Postfix) with SMTP id B17F6251B17 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: by mail2.incase.de (sSMTP sendmail emulation); Tue, 26 Jul 2005 19:10:44 +0200 Content-Type: multipart/mixed; boundary1719839988== MIME-Version: 1.0 From: Sven Mueller [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: security: Buffer overflow in ssl_engine_kernel.c X-Mailer: reportbug 3.8 Date: Tue, 26 Jul 2005 19:10:44 +0200 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at incase.de X-Spam-Bayes: Score: 0. Tokensummary: Tokens: new, 47; hammy, 98; neutral, 61; spammy, 0. Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 This is a multi-part MIME message sent by reportbug. --===1719839988== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: apache2 Version: 2.0.54-4 Severity: grave Tags: security, patch Justification: possible DoS There is a buffer overflow (off-by-one in buffer size checks) in ssl_engine_kernel.c which could be exploited to DoS the server. Upstream bug report at http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 Upstream patch at http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=179781view=diffr1=179781r2=179780p1=httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.cp2=/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (SVN revision 179781) patch which can be dropped into the Debian package as 043_fix_buffer_overflow_in_ssl_engine_kernel is attached -- System Information: Debian Release: 3.1 APT prefers stable Architecture: i386 (i686) Kernel: Linux 2.6.11.12-incase Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.0.54-4 traditional model for Apache2 -- no debconf information --===1719839988== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=043_fix_buffer_overflow_in_ssl_engine_kernel diff -ruN -x Makefile.in -x configure -x '*~' -x build-tree.orig -x '*.rej' build-tree.orig/apache2/config.layout build-tree/apache2/config.layout --- build-tree.orig/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:43:35 179780 +++ build-tree/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:54:53 179781 @@ -1408,7 +1408,7 @@ BIO_printf(bio, , nextUpdate: ); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); -n = BIO_read(bio, buff, sizeof(buff)); +n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; BIO_free(bio); --===1719839988==-- --- Received: (at 320048-close) by bugs.debian.org; 17 Dec 2005 08:11:00 + From [EMAIL PROTECTED] Sat Dec 17 00:11:00 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003CA-Ae; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision:
Bug#320063: marked as done (Security: buffer-overrun in apache2-ssl)
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#320048: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 18:45:58 + From [EMAIL PROTECTED] Tue Jul 26 11:45:58 2005 Return-path: [EMAIL PROTECTED] Received: from svr.bitshelter.net (mx0.bitshelter.net) [85.10.193.115] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxURC-0002H7-00; Tue, 26 Jul 2005 11:45:58 -0700 Received: from localhost (localhost [127.0.0.1]) by mx0.bitshelter.net (Postfix) with ESMTP id 2AC873FFEC for [EMAIL PROTECTED]; Tue, 26 Jul 2005 20:45:54 +0200 (CEST) Received: from mx0.bitshelter.net ([127.0.0.1]) by localhost (svr.bitshelter.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29705-01-2 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) Received: from nz (J1afb.j.pppool.de [85.74.26.251]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mx0.bitshelter.net (Postfix) with ESMTP id 6A0BD3FF4A for [EMAIL PROTECTED]; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Security: buffer-overrun in apache2-ssl Date: Tue, 26 Jul 2005 20:45:35 +0200 User-Agent: KMail/1.8.1 X-Fingerprint: BBF9 60C6 892A A542 0006 B208 63F8 974C 8DC6 9FB4 X-PGP: 8DC69FB4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE, NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Version: 2.0.54-4 Severity:critical Tags: security, fixed-upstream There is a possible remote-exploitable buffer overrun in the Apache2 ssl implementation. A patch is available. See http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 and http://svn.apache.org/viewcvs?rev=189562view=rev --- Received: (at 320048-close) by bugs.debian.org; 17 Dec 2005 08:11:00 + From [EMAIL PROTECTED] Sat Dec 17 00:11:00 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003CA-Ae; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.17 $ Subject: Bug#320048: fixed in apache2 2.0.54-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Sat, 17 Dec 2005 00:05:09 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 2 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb libapr0_2.0.54-5_i386.deb
Bug#320063: marked as done (Security: buffer-overrun in apache2-ssl)
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#320063: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 18:45:58 + From [EMAIL PROTECTED] Tue Jul 26 11:45:58 2005 Return-path: [EMAIL PROTECTED] Received: from svr.bitshelter.net (mx0.bitshelter.net) [85.10.193.115] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxURC-0002H7-00; Tue, 26 Jul 2005 11:45:58 -0700 Received: from localhost (localhost [127.0.0.1]) by mx0.bitshelter.net (Postfix) with ESMTP id 2AC873FFEC for [EMAIL PROTECTED]; Tue, 26 Jul 2005 20:45:54 +0200 (CEST) Received: from mx0.bitshelter.net ([127.0.0.1]) by localhost (svr.bitshelter.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29705-01-2 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) Received: from nz (J1afb.j.pppool.de [85.74.26.251]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mx0.bitshelter.net (Postfix) with ESMTP id 6A0BD3FF4A for [EMAIL PROTECTED]; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Security: buffer-overrun in apache2-ssl Date: Tue, 26 Jul 2005 20:45:35 +0200 User-Agent: KMail/1.8.1 X-Fingerprint: BBF9 60C6 892A A542 0006 B208 63F8 974C 8DC6 9FB4 X-PGP: 8DC69FB4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE, NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Version: 2.0.54-4 Severity:critical Tags: security, fixed-upstream There is a possible remote-exploitable buffer overrun in the Apache2 ssl implementation. A patch is available. See http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 and http://svn.apache.org/viewcvs?rev=189562view=rev --- Received: (at 320063-close) by bugs.debian.org; 17 Dec 2005 08:10:59 + From [EMAIL PROTECTED] Sat Dec 17 00:10:59 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003CC-Bc; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.17 $ Subject: Bug#320063: fixed in apache2 2.0.54-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Sat, 17 Dec 2005 00:05:09 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb libapr0_2.0.54-5_i386.deb to
Bug#320048: marked as done (SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268))
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#320063: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 17:11:21 + From [EMAIL PROTECTED] Tue Jul 26 10:11:21 2005 Return-path: [EMAIL PROTECTED] Received: from mail.incase.de [85.10.192.47] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxSxd-0007O9-00; Tue, 26 Jul 2005 10:11:21 -0700 Received: from localhost (localhost [127.0.0.1]) by mail1_1.incase.de (Postfix) with ESMTP id 0C19B251B18 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 19:10:46 +0200 (CEST) Received: from mail.incase.de ([127.0.0.1]) by localhost (mail1.incase.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28020-01 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: from mail2.incase.de (mail.incase.de [85.10.192.47]) by mail.incase.de (Postfix) with SMTP id B17F6251B17 for [EMAIL PROTECTED]; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: by mail2.incase.de (sSMTP sendmail emulation); Tue, 26 Jul 2005 19:10:44 +0200 Content-Type: multipart/mixed; boundary1719839988== MIME-Version: 1.0 From: Sven Mueller [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: security: Buffer overflow in ssl_engine_kernel.c X-Mailer: reportbug 3.8 Date: Tue, 26 Jul 2005 19:10:44 +0200 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at incase.de X-Spam-Bayes: Score: 0. Tokensummary: Tokens: new, 47; hammy, 98; neutral, 61; spammy, 0. Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 This is a multi-part MIME message sent by reportbug. --===1719839988== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: apache2 Version: 2.0.54-4 Severity: grave Tags: security, patch Justification: possible DoS There is a buffer overflow (off-by-one in buffer size checks) in ssl_engine_kernel.c which could be exploited to DoS the server. Upstream bug report at http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 Upstream patch at http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=179781view=diffr1=179781r2=179780p1=httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.cp2=/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (SVN revision 179781) patch which can be dropped into the Debian package as 043_fix_buffer_overflow_in_ssl_engine_kernel is attached -- System Information: Debian Release: 3.1 APT prefers stable Architecture: i386 (i686) Kernel: Linux 2.6.11.12-incase Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.0.54-4 traditional model for Apache2 -- no debconf information --===1719839988== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=043_fix_buffer_overflow_in_ssl_engine_kernel diff -ruN -x Makefile.in -x configure -x '*~' -x build-tree.orig -x '*.rej' build-tree.orig/apache2/config.layout build-tree/apache2/config.layout --- build-tree.orig/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:43:35 179780 +++ build-tree/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:54:53 179781 @@ -1408,7 +1408,7 @@ BIO_printf(bio, , nextUpdate: ); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); -n = BIO_read(bio, buff, sizeof(buff)); +n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; BIO_free(bio); --===1719839988==-- --- Received: (at 320063-close) by bugs.debian.org; 17 Dec 2005 08:10:59 + From [EMAIL PROTECTED] Sat Dec 17 00:10:59 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003CC-Bc; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision:
Bug#326435: marked as done (CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter)
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#326435: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 3 Sep 2005 09:52:21 + From [EMAIL PROTECTED] Sat Sep 03 02:52:21 2005 Return-path: [EMAIL PROTECTED] Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EBUhA-000690-00; Sat, 03 Sep 2005 02:52:21 -0700 Received: from dsl-082-082-147-113.arcor-ip.net ([82.82.147.113] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EBUh5-0007MF-M0 for [EMAIL PROTECTED]; Sat, 03 Sep 2005 11:52:15 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.52) id 1EBUhm-0001WK-DA; Sat, 03 Sep 2005 11:52:58 +0200 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter X-Mailer: reportbug 3.17 Date: Sat, 03 Sep 2005 11:52:58 +0200 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-SA-Exim-Connect-IP: 82.82.147.113 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Severity: important Tags: security CAN-2005-2728 describes a DoS vulnerability through overly long values in the Range field. Please see http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 for a more complete description and a patch. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 326435-close) by bugs.debian.org; 17 Dec 2005 08:11:11 + From [EMAIL PROTECTED] Sat Dec 17 00:11:11 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003CF-Ch; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.17 $ Subject: Bug#326435: fixed in apache2 2.0.54-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Sat, 17 Dec 2005 00:05:09 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to
apache2_2.0.54-5_i386.changes INSTALLED into stable
Installing: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb libapr0_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb Announcing to debian-changes@lists.debian.org Closing bugs: 316173 320048 320063 326435 Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Disattivazione completata.
Grazie per aver utilizzato i servizi AMGI . L'indirizzo email [EMAIL PROTECTED] รจ stato inserito nella lista di esclusione (BlackList). Per riattivarlo clicca questo link: http://www2.amgi.it/mailing/mailing/[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
2 neue Kontaktanzeige(n) fuer Dich
1 Million neue Baeume fuer die Welt - jetzt dabeisein und sogar mitverdienen! http://email-partner.com/nlforestation.asp Hallo, hier kommt der Newsletter von http://email-partner.com/newsletter.asp mit neuen Anzeigen sortiert nach PLZ, die Deinen Suchkriterien entsprechen! Um sie zu lesen und zu beantworten, besuche bitte unseren Website und klicke auf 'Anzeigen lesen': - Erotik-/Hardcore-DVDs selbst brennen und hunderte heisse Videos downloaden mit FLATRATE zum Preis einer Kauf-CD! http://email-partner.com/nldvd.asp - Annette, 27/170/schlank aus 509 Koeln (mit Foto) (ohne finanzielle Interessen) WEIHNACHTSSTERN SUCHT WEIHNACHTSMANN DER MICH RICHTIG VERFUE Bist du genau so zeigefreudig und leicht erregbar wie ich? Dann bist du, der Mann den ich suche um mich hemmungslos fallen zu lassen. Bin fuer alles offen, was zu zweit Spass macht, mein Faible umfasst Dinge wie NS, Dildospiele, AV und Bondage. Alles kann nichts muss! Wichtig sind mir Geilheit und Standfestigkeit. Ich lege Wert auf Sauberkeit und Diskretion. Wenn es dich gibt, dann melde ... http://email-partner.com/newsletter.asp Alina, 20/174/schlank aus 700 Spaeter :-) (mit Foto) (ohne finanzielle Interessen) ALINA, 20, SCHWANGER SCHWANGER als mein Freund das erfuhr sagte er LECK MICH und verliess mich auf der Stelle. Tja jetzt steh ich allein da mit meinem dicken Bauch ... Bin 20 Jahre alt, blond, bi, sauber, gepflegt und sau-geil Hatte schon lang auch keinen geilen Sex mehr und sehne mich danach, dass jemand wieder meine, schon mit Milch gefuellten Brueste streichelt, daran lutscht oder mir etwas dazwischen schiebt. Bin sehr begabt im Blasen, Lecken und lasse es mir auch gerne mal anal machen. Wenn du ... http://email-partner.com/newsletter.asp -- Und ab in den Urlaub! Lastminute Restplaetze superguenstig bei http://email-partner.com/urlaub.asp -- Passen die obigen Anzeigen zu Deinen Erwartungen? Wenn nein, dann besuche unseren Website nochmals und bestelle diesen Newsletter einfach mit anderen Kriterien neu! Diese gelten dann sofort fuer den naechsten Newsletter! Und Du siehst dabei ja dann auch gleich alle Anzeigen, nach denen Du gesucht hast. Also, dann viel Spass auf http://email-partner.com/newsletter.asp ! Liebe Gruesse Chris PS: Du erhaeltst diese automatisierte Mail, da auf unserem Website http://email-partner.com am 16.09.05 um 09:42:59 Uhr von der IP-Adresse 66.249.65.234 unser kostenfreier Newsletter fuer die Email-Adresse [EMAIL PROTECTED] abonniert wurde. Das Abonnement unseres Newsletters kannst Du jederzeit im Menuepunkt Newsletter wieder abbestellen. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]