Your message dated Wed, 16 Apr 2008 19:52:20 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#462458: fixed in apache2 2.2.3-4+etch5
has caused the Debian Bug report #462458,
regarding apache2: SSL renegotiation does not work on POST requests in certain
configurations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
462458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462458
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: apache2
Version: 2.2.3-4+etch3
Severity: important
When mod_fastcgi and mod_action are used (for example, to implement
PHP4 and PHP5 in the same server), data from POST requests which
is buffered during SSL renegotiation is not reinjected correctly
through the filter chain. (Technically, anything that causes Apache
to do an internal redirect on a POST request under SSL renegotiation
can cause this bug to surface.)
This bug was reported upstream as ASF Bugzilla Bug 43738
(<http://issues.apache.org/bugzilla/show_bug.cgi?id=43738>),
and has been fixed in the Apache development line and in the 2.2 branch
for a future release (Apache SVN revision 608787,
<http://svn.apache.org/viewvc?view=rev&revision=608787>).
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-xen-amd64
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.2.3-4+etch3 Traditional model for Apache HTTPD
apache2 recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.2.3-4+etch5
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-doc_2.2.3-4+etch5_all.deb
to pool/main/a/apache2/apache2-doc_2.2.3-4+etch5_all.deb
apache2-mpm-event_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch5_i386.deb
apache2-mpm-perchild_2.2.3-4+etch5_all.deb
to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch5_all.deb
apache2-mpm-prefork_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch5_i386.deb
apache2-mpm-worker_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch5_i386.deb
apache2-prefork-dev_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch5_i386.deb
apache2-src_2.2.3-4+etch5_all.deb
to pool/main/a/apache2/apache2-src_2.2.3-4+etch5_all.deb
apache2-threaded-dev_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch5_i386.deb
apache2-utils_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2-utils_2.2.3-4+etch5_i386.deb
apache2.2-common_2.2.3-4+etch5_i386.deb
to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch5_i386.deb
apache2_2.2.3-4+etch5.diff.gz
to pool/main/a/apache2/apache2_2.2.3-4+etch5.diff.gz
apache2_2.2.3-4+etch5.dsc
to pool/main/a/apache2/apache2_2.2.3-4+etch5.dsc
apache2_2.2.3-4+etch5_all.deb
to pool/main/a/apache2/apache2_2.2.3-4+etch5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <[EMAIL PROTECTED]> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 22 Mar 2008 10:16:03 +0100
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork
apache2-doc apache2-mpm-event apache2.2-common apache2-mpm-worker apache2-src
apache2-threaded-dev apache2-mpm-perchild
Architecture: source all i386
Version: 2.2.3-4+etch5
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <[EMAIL PROTECTED]>
Description:
apache2 - Next generation, scalable, extendable web server
apache2-doc - documentation for apache2
apache2-mpm-event - Event driven model for Apache HTTPD 2.1
apache2-mpm-perchild - Transitional package - please remove
apache2-mpm-prefork - Traditional model for Apache HTTPD 2.1
apache2-mpm-worker - High speed threaded model for Apache HTTPD 2.1
apache2-prefork-dev - development headers for apache2
apache2-src - Apache source code
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
apache2.2-common - Next generation, scalable, extendable web server
Closes: 462458 468289
Changes:
apache2 (2.2.3-4+etch5) stable; urgency=low
.
* Fix a regression introduced by the patch for CVE-2007-6421 which could
lead to a segfault when viewing the balancer manager page.
(Closes: #468289)
* Fix SSL renegotiation with POST requests. (Closes: #462458)
* Make mod_authn_dbd depend on mod_dbd.
Files:
b2bc49b890a8a72117d54fe6a58cfa48 1068 web optional apache2_2.2.3-4+etch5.dsc
bd613135be7304f40bed8cdd612ba3e3 120852 web optional
apache2_2.2.3-4+etch5.diff.gz
a95d448f98276fa8a1634d8c33186aec 963938 web optional
apache2.2-common_2.2.3-4+etch5_i386.deb
7b2d4cd45e0d35c83cecb31fbfe6e36a 423864 web optional
apache2-mpm-worker_2.2.3-4+etch5_i386.deb
770cce01a335bc610c9caf42a8d4588d 420012 web optional
apache2-mpm-prefork_2.2.3-4+etch5_i386.deb
e8bd74a19729350f8bd833d0d41fd445 424350 web optional
apache2-mpm-event_2.2.3-4+etch5_i386.deb
d94c2c5895d1b4f918281eb530f3be5e 341748 web optional
apache2-utils_2.2.3-4+etch5_i386.deb
dcdbabc93679b865da84c89c2a416407 408214 devel optional
apache2-prefork-dev_2.2.3-4+etch5_i386.deb
a9d8c9acce2675907225d32e1049907e 408892 devel optional
apache2-threaded-dev_2.2.3-4+etch5_i386.deb
e7d5bb3ec3bc1b03ef16dd8a684c4562 274838 web optional
apache2-mpm-perchild_2.2.3-4+etch5_all.deb
7f2a181efe13c1461e99ee5163329589 41536 web optional
apache2_2.2.3-4+etch5_all.deb
72171cdab2754a7cdf3ef0dbb7fc20ad 2209374 doc optional
apache2-doc_2.2.3-4+etch5_all.deb
8f1561f25fca5f4db05d3a45bf82d6a5 6617920 devel extra
apache2-src_2.2.3-4+etch5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH5OKEbxelr8HyTqQRAuy9AJ9W2tdtqWwvM8vpVXWWEaEAdVfBtwCgnrk/
MSWAZVX3lJlIyeeMC/7aVCM=
=PGY7
-----END PGP SIGNATURE-----
--- End Message ---
