Ubuntu
apache2 package

[Edgy] No binaries for Apache 2 2.0.55-4ubuntu3 for CVE-2006-3747

Bug #62242 reported by Blair Zajac
254
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Fix Released
High
Martin Pitt
Ubuntu ubuntu-6.10

Bug Description

Binary package hint: apache2

I don't know if this a concern yet since Edgy hasn't been released,
but if you do an apt-get source apache2-mpm-worker, then you get
2.0.55-4ubuntu3 which has a fix for CVE-2006-3747.

If you do an apt-get install apache2-mpm-worker, then you get
2.0.55-4ubuntu2.

Given that apache2_2.0.55-4ubuntu3.diff.gz was uploaded on July
28th to this URL:

http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/

I'm wondering if the build of this was missed.

Regards,
Blair

Revision history for this message
Martin Pitt (pitti) wrote :

FTBFS:
usr/bin/install .libs/apache2 /build/buildd/apache2-2.0.55/debian/apache2-mpm-perchild/usr/sbin/apache2
dh_testroot
mv debian/apache2-mpm-worker/usr/include/apache2/apr* debian/libapr0-dev/usr/include/apr-0
mv: cannot stat `debian/apache2-mpm-worker/usr/include/apache2/apr*': No such file or directory
make: *** [debian/stampdir/move] Error 1

Changed in apache2:
importance: Untriaged → High
status: Unconfirmed → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

The layout choosing does not seem to work for apr:

checking for APR... reconfig
[...]
checking for chosen layout... apr

Revision history for this message
Martin Pitt (pitti) wrote :

Taking since I already started looking into this issue (although with no success).

Changed in apache2:
assignee: nobody → pitti
status: Confirmed → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

 apache2 (2.0.55-4ubuntu4) edgy; urgency=low
 .
   * Add debian/patches/054_restore_prefix_fix:
     - Fix autoconf macros to work with autoconf 2.60 (AC_CANONICAL_SYSTEM
       overwrites $@ in 2.60, see Debian bug #372179), so that the package
       builds again on recent Edgy.
     - Thanks to Daniel Schepler <email address hidden> for this patch
       (taken from Debian #374160)
     - Closes: LP#62242

Changed in apache2:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.