Ubuntu
apache2 package

SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268)

Bug #19887 reported by Debian Bug Importer
12
Affects Status Importance Assigned to Milestone
apache2 (Debian)
Fix Released
Unknown
apache2 (Ubuntu)
Fix Released
High
Adam Conrad

Bug Description

Automatically imported from Debian bug report #320048 http://bugs.debian.org/320048

See original description
Revision history for this message
In , Sven Mueller (debian-incase) wrote : Duplicate bug report

Package: apache2
severity 320048 critical
Tags 320048 +fixed-upstream
Retitle 320048 Security: buffer-overrun in apache2-ssl
Tags 320063 +patch
Merge 320048 320063
thanks

Revision history for this message
In , Sven Mueller (debian-incase) wrote : try to fix previous merge

unmerge 320048
submitter 320048 <email address hidden>
merge 320063 320048
thanks

Revision history for this message
In , Stefan Fritsch (sf-sfritsch) wrote : buffer-overrun in apache2-ssl

Note that the problematic code is inside

if (s->loglevel >= APLOG_DEBUG) {
}

It seems a simple workaround is lowering the loglevel to something
below debug. Production systems won't have loglevel debug in most
cases.

Revision history for this message
In , Christian Hammers (ch) wrote : retitling

retitle 320048 SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268)
retitle 316173 SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088)
severity 316173 critical
thanks

Added CAN-Numbers as seen in Ubuntu's USN-160-1 advisory for easier
reference.

bye,

-christian-

Revision history for this message
In , Sven Mueller (debian-incase) wrote : NMU prepared to fix these bugs (316173, 320048/320063)

Hi.

During my NM process, I prepared a NMU for the bugs mentioned in the
subject and CC'ed. I didn't upload it (or rather: ask for upload by a
sponsor) yet, but the packages I prepared are publicly available at
http://mail.incase.de/NMUs/

I will wait a week or so and then ask for upload by a sponsor since I
think these bugs really need to be fixed as soon as possible.

regards,
Sven

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #320048 http://bugs.debian.org/320048

Revision history for this message
Debian Bug Importer (debzilla) wrote :

*** Bug 19888 has been marked as a duplicate of this bug. ***

Revision history for this message
Tollef Fog Heen (tfheen) wrote :

apache2 (2.0.54-4ubuntu2) breezy; urgency=low

  * SECURITY UPDATE: Fix two vulnerabilities.
  * Add debian/patches/043_CAN-2005-1268.patch:
    - Fix off-by-one error in the SSL certification validation callback.
    - CAN-2005-1268
  * Add debian/patches/044_CAN-2005-2088.patch:
    - Proxy HTTP: If a response contains both Transfer-Encoding
      and a Content-Length, remove the Content-Length to eliminate
      an HTTP Request Smuggling vulnerability and don't reuse the
      connection, stopping some HTTP Request Spoofing attacks.
    - CAN-2005-2088

 -- Martin Pitt <email address hidden> Mon, 8 Aug 2005 09:27:56 +0200

Revision history for this message
In , Adam Conrad (adconrad) wrote : Bug#320048: fixed in apache2 2.0.54-5
Download full text (5.6 KiB)

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0 - the Apache Porta...

Read more...

Revision history for this message
In , Adam Conrad (adconrad) wrote : Bug#320063: fixed in apache2 2.0.54-5
Download full text (5.6 KiB)

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0 - the Apache Porta...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 26 Jul 2005 19:10:44 +0200
From: Sven Mueller <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: security: Buffer overflow in ssl_engine_kernel.c

--===============1719839988==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: apache2
Version: 2.0.54-4
Severity: grave
Tags: security, patch
Justification: possible DoS

There is a buffer overflow (off-by-one in buffer size checks) in
ssl_engine_kernel.c which could be exploited to DoS the server.

Upstream bug report at
http://issues.apache.org/bugzilla/show_bug.cgi?id=35081

Upstream patch at
http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=179781&view=diff&r1=179781&r2=179780&p1=httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c&p2=/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

(SVN revision 179781)

patch which can be dropped into the Debian package as
043_fix_buffer_overflow_in_ssl_engine_kernel is attached

-- System Information:
Debian Release: 3.1
  APT prefers stable
Architecture: i386 (i686)
Kernel: Linux 2.6.11.12-incase
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.0.54-4 traditional model for Apache2

-- no debconf information

--===============1719839988==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="043_fix_buffer_overflow_in_ssl_engine_kernel"

diff -ruN -x Makefile.in -x configure -x '*~' -x build-tree.orig -x '*.rej' build-tree.orig/apache2/config.layout build-tree/apache2/config.layout
--- build-tree.orig/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:43:35 179780
+++ build-tree/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:54:53 179781
@@ -1408,7 +1408,7 @@
             BIO_printf(bio, ", nextUpdate: ");
             ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));

- n = BIO_read(bio, buff, sizeof(buff));
+ n = BIO_read(bio, buff, sizeof(buff) - 1);
             buff[n] = '\0';

             BIO_free(bio);

--===============1719839988==--

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 26 Jul 2005 23:06:35 +0200
From: Sven Mueller <email address hidden>
To: <email address hidden>
Subject: Duplicate bug report

Package: apache2
severity 320048 critical
Tags 320048 +fixed-upstream
Retitle 320048 Security: buffer-overrun in apache2-ssl
Tags 320063 +patch
Merge 320048 320063
thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 27 Jul 2005 01:24:24 +0200
From: Sven Mueller <email address hidden>
To: <email address hidden>
Subject: try to fix previous merge

unmerge 320048
submitter 320048 <email address hidden>
merge 320063 320048
thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 5 Aug 2005 23:42:12 +0200
From: Stefan Fritsch <email address hidden>
To: <email address hidden>,
 <email address hidden>
Subject: buffer-overrun in apache2-ssl

Note that the problematic code is inside

if (s->loglevel >= APLOG_DEBUG) {
}

It seems a simple workaround is lowering the loglevel to something
below debug. Production systems won't have loglevel debug in most
cases.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 10 Aug 2005 17:03:55 +0200
From: Christian Hammers <email address hidden>
To: <email address hidden>
Subject: retitling

retitle 320048 SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268)
retitle 316173 SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088)
severity 316173 critical
thanks

Added CAN-Numbers as seen in Ubuntu's USN-160-1 advisory for easier
reference.

bye,

-christian-

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 12 Aug 2005 20:43:25 +0200
From: Sven Mueller <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, Eduard Bloch <email address hidden>
Subject: NMU prepared to fix these bugs (316173, 320048/320063)

--------------enig41A71612B5B6E3002BD73910
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit

Hi.

During my NM process, I prepared a NMU for the bugs mentioned in the
subject and CC'ed. I didn't upload it (or rather: ask for upload by a
sponsor) yet, but the packages I prepared are publicly available at
http://mail.incase.de/NMUs/

I will wait a week or so and then ask for upload by a sponsor since I
think these bugs really need to be fixed as soon as possible.

regards,
Sven

--------------enig41A71612B5B6E3002BD73910
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)

iD8DBQFC/O3Ng3izVowCbSERAuuIAKCq3vXW9EIstbzIzJhR0qWbrDFuQwCfS97B
iYK9u5aIZufZtuXDXHgSUPY=
=f1cf
-----END PGP SIGNATURE-----

--------------enig41A71612B5B6E3002BD73910--

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Thu, 08 Sep 2005 11:17:06 -0700
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320048: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Thu, 08 Sep 2005 11:17:06 -0700
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320063: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

Revision history for this message
In , Adam Conrad (adconrad) wrote :
Download full text (5.6 KiB)

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0 - the Apache Porta...

Read more...

Revision history for this message
In , Adam Conrad (adconrad) wrote : Bug#320048: fixed in apache2 2.0.54-5
Download full text (5.6 KiB)

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0 - the Apache Porta...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Sat, 17 Dec 2005 00:05:09 -0800
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320048: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Sat, 17 Dec 2005 00:05:09 -0800
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320063: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.