[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6203 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6203 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
This bug was fixed in the package apache2 - 2.2.4-3ubuntu0.2 --- apache2 (2.2.4-3ubuntu0.2) gutsy-security; urgency=low [ Emanuele Gentili ] * SECURITY UPDATE: + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894) - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. + References - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 [ Marc Deslauriers ] * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in 413 Request Entity Too Large error message - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error messages in modules/http/http_protocol.c. - CVE-2007-6203 * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c. - CVE-2007-6420 * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init function (LP: #224945) - debian/patches/109_CVE-2008-1678.dpatch: don't call CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c. - CVE-2008-1678 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded URLs - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in modules/dav/main/mod_dav.c, modules/generators/mod_info.c and modules/proxy/mod_proxy_balancer.c. - CVE-2008-2168 * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894) - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version. - CVE-2008-2364 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module - debian/patches/112_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c. - CVE-2008-2939 -- Marc Deslauriers marc.deslauri...@ubuntu.com Thu, 05 Mar 2009 15:54:32 -0500 ** Changed in: apache2 (Ubuntu Gutsy) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6203 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6420 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1678 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2168 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2939 ** Changed in: apache2 (Ubuntu Hardy) Status: Fix Committed = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.4 --- apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low [ Emanuele Gentili ] * SECURITY UPDATE: + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894) - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. + References - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 [ Marc Deslauriers ] * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c. - CVE-2007-6420 * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894) - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer version. - CVE-2008-2364 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c. - CVE-2008-2939 -- Marc Deslauriers marc.deslauri...@ubuntu.com Thu, 05 Mar 2009 17:20:17 -0500 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Fix released in http://www.ubuntu.com/usn/USN-731-1 ** Changed in: apache2 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
http://www.ubuntu.com/usn/USN-731-1 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
This bug was fixed in the package apache2 - 2.2.4-3ubuntu0.2 --- apache2 (2.2.4-3ubuntu0.2) gutsy-security; urgency=low [ Emanuele Gentili ] * SECURITY UPDATE: + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894) - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. + References - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 [ Marc Deslauriers ] * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in 413 Request Entity Too Large error message - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error messages in modules/http/http_protocol.c. - CVE-2007-6203 * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c. - CVE-2007-6420 * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init function (LP: #224945) - debian/patches/109_CVE-2008-1678.dpatch: don't call CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c. - CVE-2008-1678 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded URLs - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in modules/dav/main/mod_dav.c, modules/generators/mod_info.c and modules/proxy/mod_proxy_balancer.c. - CVE-2008-2168 * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894) - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version. - CVE-2008-2364 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module - debian/patches/112_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c. - CVE-2008-2939 -- Marc Deslauriers marc.deslauri...@ubuntu.com Thu, 05 Mar 2009 15:54:32 -0500 ** Changed in: apache2 (Ubuntu Gutsy) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6203 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6420 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1678 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2168 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2939 ** Changed in: apache2 (Ubuntu Hardy) Status: Fix Committed = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.4 --- apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low [ Emanuele Gentili ] * SECURITY UPDATE: + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894) - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. + References - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 [ Marc Deslauriers ] * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c. - CVE-2007-6420 * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894) - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer version. - CVE-2008-2364 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c. - CVE-2008-2939 -- Marc Deslauriers marc.deslauri...@ubuntu.com Thu, 05 Mar 2009 17:20:17 -0500 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Fix released in http://www.ubuntu.com/usn/USN-731-1 ** Changed in: apache2 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
http://www.ubuntu.com/usn/USN-731-1 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Dapper) Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur) Status: In Progress = Fix Committed ** Changed in: apache2 (Ubuntu Gutsy) Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur) Status: In Progress = Fix Committed ** Changed in: apache2 (Ubuntu Hardy) Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur) Status: In Progress = Fix Committed -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Dapper) Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur) Status: In Progress = Fix Committed ** Changed in: apache2 (Ubuntu Gutsy) Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur) Status: In Progress = Fix Committed ** Changed in: apache2 (Ubuntu Hardy) Assignee: Emanuele Gentili (emgent) = Marc Deslauriers (mdeslaur) Status: In Progress = Fix Committed -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu) Status: Fix Released = New ** Changed in: apache2 (Ubuntu) Status: New = In Progress ** Changed in: apache2 (Ubuntu) Status: In Progress = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu) Status: Fix Released = New ** Changed in: apache2 (Ubuntu) Status: New = In Progress ** Changed in: apache2 (Ubuntu) Status: In Progress = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Dapper) Importance: High = Low ** Changed in: apache2 (Ubuntu Feisty) Importance: High = Low ** Changed in: apache2 (Ubuntu Gutsy) Importance: High = Low ** Changed in: apache2 (Ubuntu Hardy) Importance: High = Low ** Changed in: apache2 (Ubuntu) Importance: High = Low ** Changed in: apache2 (Ubuntu Intrepid) Importance: High = Low -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Dapper) Importance: High = Low ** Changed in: apache2 (Ubuntu Feisty) Importance: High = Low ** Changed in: apache2 (Ubuntu Gutsy) Importance: High = Low ** Changed in: apache2 (Ubuntu Hardy) Importance: High = Low ** Changed in: apache2 (Ubuntu) Importance: High = Low ** Changed in: apache2 (Ubuntu Intrepid) Importance: High = Low -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Please could someone mark this as Won't Fix for Feisty? -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty) Status: In Progress = Won't Fix -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Please could someone mark this as Won't Fix for Feisty? -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty) Status: In Progress = Won't Fix -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
POC: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2008-2364.t?revision=666283view=markup -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
POC: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2008-2364.t?revision=666283view=markup -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Upstream fix for apache 2.0.X. http://archive.apache.org/dist/httpd/patches/apply_to_2.0.63/CVE-2008-2364-patch-2.0.txt I will complete dapper fix and tests tomorrow. E. ** Changed in: apache2 (Ubuntu Dapper) Importance: Undecided = High Status: Confirmed = In Progress ** Changed in: apache2 (Ubuntu Dapper) Assignee: (unassigned) = Emanuele Gentili (emgent) -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
more info avaiable here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
more info avaiable here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu) Status: In Progress = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu) Status: In Progress = Fix Released -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Based on the CVE, apache2 in Dapper *is* vulnerable, but the backporting of this fix isn't trivial. Emgent, can you describe your testing environment? That would help in testing the Dapper backport. ** Changed in: apache2 (Ubuntu Dapper) Status: New = Confirmed -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Upstream has no plans to backport the fix due to how unlikely the situation is. -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty) Assignee: (unassigned) = Emanuele Gentili (emgent) ** Changed in: apache2 (Ubuntu Gutsy) Assignee: (unassigned) = Emanuele Gentili (emgent) ** Changed in: apache2 (Ubuntu Hardy) Assignee: (unassigned) = Emanuele Gentili (emgent) -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Packages should build-depend on libdb-dev, not a specific version. The new standard db version in Intrepid is 4.7, we shouldn't proliferate 4.6. -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Security issue in Intrepid Ibex fixed by Chuck Short with Debian Merge. ** Attachment removed: intrepid_apache2_2.2.8-4ubuntu3.debdiff http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty) Assignee: (unassigned) = Emanuele Gentili (emgent) ** Changed in: apache2 (Ubuntu Gutsy) Assignee: (unassigned) = Emanuele Gentili (emgent) ** Changed in: apache2 (Ubuntu Hardy) Assignee: (unassigned) = Emanuele Gentili (emgent) -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty) Importance: Undecided = High Status: New = In Progress ** Changed in: apache2 (Ubuntu Gutsy) Importance: Undecided = High Status: New = In Progress ** Changed in: apache2 (Ubuntu Hardy) Importance: Undecided = High Status: New = In Progress -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Changed in: apache2 (Ubuntu Feisty) Importance: Undecided = High Status: New = In Progress ** Changed in: apache2 (Ubuntu Gutsy) Importance: Undecided = High Status: New = In Progress ** Changed in: apache2 (Ubuntu Hardy) Importance: Undecided = High Status: New = In Progress -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
libdb4.6-dev (source: db4.6) is in intrepid again (and should appear soon on the archive). -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: intrepid_apache2_2.2.8-4ubuntu3.debdiff http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
fixed in 2.2.9, which has been uploaded to Debian -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
libdb4.6-dev (source: db4.6) is in intrepid again (and should appear soon on the archive). -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: intrepid_apache2_2.2.8-4ubuntu3.debdiff http://launchpadlibrarian.net/15307756/intrepid_apache2_2.2.8-4ubuntu3.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
fixed in 2.2.9, which has been uploaded to Debian -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Intrepid fix avaiable by upstream and work fine to solve the problem. Actually build faild: libaprutil1-dev: Depends: libdb4.6-dev but it is not installable more info: https://edge.launchpad.net/ubuntu/intrepid/i386/libdb4.6-dev (i will attach it later) -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
UPSTREAM FIX: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154r2=666153pathrev=666154 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff http://launchpadlibrarian.net/15293240/gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff http://launchpadlibrarian.net/15293694/hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff http://launchpadlibrarian.net/15294355/feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff ** Changed in: apache2 (Ubuntu) Status: Confirmed = In Progress -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
@Pitti: can you write here when you solve libdb4.6-dev problem in intrepid? -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
Intrepid fix avaiable by upstream and work fine to solve the problem. Actually build faild: libaprutil1-dev: Depends: libdb4.6-dev but it is not installable more info: https://edge.launchpad.net/ubuntu/intrepid/i386/libdb4.6-dev (i will attach it later) -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
UPSTREAM FIX: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154r2=666153pathrev=666154 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff http://launchpadlibrarian.net/15293240/gutsy_security_apache2_2.2.4-3ubuntu0.2.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff http://launchpadlibrarian.net/15293694/hardy_security_apache2_2.2.8-1ubuntu0.1.debdiff -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
** Attachment added: feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff http://launchpadlibrarian.net/15294355/feisty_security_apache2_2.2.3-3.2ubuntu2.2.debdiff ** Changed in: apache2 (Ubuntu) Status: Confirmed = In Progress -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
@Pitti: can you write here when you solve libdb4.6-dev problem in intrepid? -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 239894] Re: CVE-2008-2364 Apache2 mod_proxy_http.c DOS
according to CVE/upstream dapper apache2 version not affected. [EMAIL PROTECTED]:~$ rmadison apache2 apache2 | 2.0.55-4ubuntu2 |dapper | source, amd64, i386, powerpc apache2 | 2.0.55-4ubuntu2.3 | dapper-security | source, amd64, i386, powerpc apache2 | 2.0.55-4ubuntu2.3 | dapper-updates | source, amd64, i386, powerpc apache2 | 2.2.3-3.2build1 |feisty | source, all apache2 | 2.2.3-3.2ubuntu2.1 | feisty-security | source, all apache2 | 2.2.3-3.2ubuntu2.1 | feisty-updates | source, all apache2 | 2.2.4-3build1 | gutsy | source, all apache2 | 2.2.4-3ubuntu0.1 | gutsy-security | source, all apache2 | 2.2.4-3ubuntu0.1 | gutsy-updates | source, all apache2 |2.2.8-1 | hardy | source, all apache2 | 2.2.8-1ubuntu0.2 | hardy-updates | source, all apache2 | 2.2.8-4ubuntu2 | intrepid | source, all -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs