[Edgy] No binaries for Apache 2 2.0.55-4ubuntu3 for CVE-2006-3747

Bug #62242 reported by Blair Zajac on 2006-09-25
254
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
High
Martin Pitt

Bug Description

Binary package hint: apache2

I don't know if this a concern yet since Edgy hasn't been released,
but if you do an apt-get source apache2-mpm-worker, then you get
2.0.55-4ubuntu3 which has a fix for CVE-2006-3747.

If you do an apt-get install apache2-mpm-worker, then you get
2.0.55-4ubuntu2.

Given that apache2_2.0.55-4ubuntu3.diff.gz was uploaded on July
28th to this URL:

http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/

I'm wondering if the build of this was missed.

Regards,
Blair

Martin Pitt (pitti) wrote :

FTBFS:
usr/bin/install .libs/apache2 /build/buildd/apache2-2.0.55/debian/apache2-mpm-perchild/usr/sbin/apache2
dh_testroot
mv debian/apache2-mpm-worker/usr/include/apache2/apr* debian/libapr0-dev/usr/include/apr-0
mv: cannot stat `debian/apache2-mpm-worker/usr/include/apache2/apr*': No such file or directory
make: *** [debian/stampdir/move] Error 1

Changed in apache2:
importance: Untriaged → High
status: Unconfirmed → Confirmed
Martin Pitt (pitti) wrote :

The layout choosing does not seem to work for apr:

checking for APR... reconfig
[...]
checking for chosen layout... apr

Martin Pitt (pitti) wrote :

Taking since I already started looking into this issue (although with no success).

Changed in apache2:
assignee: nobody → pitti
status: Confirmed → In Progress
Martin Pitt (pitti) wrote :

 apache2 (2.0.55-4ubuntu4) edgy; urgency=low
 .
   * Add debian/patches/054_restore_prefix_fix:
     - Fix autoconf macros to work with autoconf 2.60 (AC_CANONICAL_SYSTEM
       overwrites $@ in 2.60, see Debian bug #372179), so that the package
       builds again on recent Edgy.
     - Thanks to Daniel Schepler <email address hidden> for this patch
       (taken from Debian #374160)
     - Closes: LP#62242

Changed in apache2:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers