Bug#326435: marked as done (CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter)
Your message dated Sat, 17 Dec 2005 00:05:09 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#326435: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 3 Sep 2005 09:52:21 + From [EMAIL PROTECTED] Sat Sep 03 02:52:21 2005 Return-path: [EMAIL PROTECTED] Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EBUhA-000690-00; Sat, 03 Sep 2005 02:52:21 -0700 Received: from dsl-082-082-147-113.arcor-ip.net ([82.82.147.113] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EBUh5-0007MF-M0 for [EMAIL PROTECTED]; Sat, 03 Sep 2005 11:52:15 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.52) id 1EBUhm-0001WK-DA; Sat, 03 Sep 2005 11:52:58 +0200 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter X-Mailer: reportbug 3.17 Date: Sat, 03 Sep 2005 11:52:58 +0200 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-SA-Exim-Connect-IP: 82.82.147.113 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Severity: important Tags: security CAN-2005-2728 describes a DoS vulnerability through overly long values in the Range field. Please see http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 for a more complete description and a patch. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 326435-close) by bugs.debian.org; 17 Dec 2005 08:11:11 + From [EMAIL PROTECTED] Sat Dec 17 00:11:11 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 4.50) id 1EnX41-0003CF-Ch; Sat, 17 Dec 2005 00:05:09 -0800 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.17 $ Subject: Bug#326435: fixed in apache2 2.0.54-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Sat, 17 Dec 2005 00:05:09 -0800 X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to
Bug#326435: marked as done (CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter)
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id [EMAIL PROTECTED] and subject line Bug#326435: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 3 Sep 2005 09:52:21 + From [EMAIL PROTECTED] Sat Sep 03 02:52:21 2005 Return-path: [EMAIL PROTECTED] Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EBUhA-000690-00; Sat, 03 Sep 2005 02:52:21 -0700 Received: from dsl-082-082-147-113.arcor-ip.net ([82.82.147.113] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EBUh5-0007MF-M0 for [EMAIL PROTECTED]; Sat, 03 Sep 2005 11:52:15 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.52) id 1EBUhm-0001WK-DA; Sat, 03 Sep 2005 11:52:58 +0200 Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff [EMAIL PROTECTED] To: Debian Bug Tracking System [EMAIL PROTECTED] Subject: CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter X-Mailer: reportbug 3.17 Date: Sat, 03 Sep 2005 11:52:58 +0200 X-Debbugs-Cc: Debian Security Team [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-SA-Exim-Connect-IP: 82.82.147.113 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Severity: important Tags: security CAN-2005-2728 describes a DoS vulnerability through overly long values in the Range field. Please see http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 for a more complete description and a patch. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 326435-close) by bugs.debian.org; 8 Sep 2005 18:22:56 + From [EMAIL PROTECTED] Thu Sep 08 11:22:56 2005 Return-path: [EMAIL PROTECTED] Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065m-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#326435: fixed in apache2 2.0.54-5 Message-Id: [EMAIL PROTECTED] Sender: Archive Administrator [EMAIL PROTECTED] Date: Thu, 08 Sep 2005 11:17:06 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to