apache2: Fix for CVE-2013-1896

Related Vulnerabilities: CVE-2013-1896, CVE-2013-1862

Debian Bug report logs - #717272
apache2: Fix for CVE-2013-1896

Reported by: Marc Deslauriers <marc.deslauriers@ubuntu.com>

Date: Thu, 18 Jul 2013 17:00:06 UTC

Severity: normal

Tags: patch, squeeze, wheezy

Found in version apache2/2.4.4-6

Fixed in versions apache2/2.4.6-1, apache2/2.2.22-13+deb7u1, apache2/2.2.16-6+squeeze12

Done: Stefan Fritsch <sf@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#717272; Package apache2. (Thu, 18 Jul 2013 17:00:10 GMT).


Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. (Thu, 18 Jul 2013 17:00:10 GMT).


Message #5 received at submit@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache2: Fix for CVE-2013-1896
Date: Thu, 18 Jul 2013 12:58:12 -0400
Package: apache2
Version: 2.4.4-6
Severity: normal
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu saucy ubuntu-patch



*** /tmp/tmp5THIhe/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896


Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers raring-updates
  APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring'), (100, 'raring-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8.0-26-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[apache2_2.4.4-6ubuntu5.debdiff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Sat, 20 Jul 2013 19:57:05 GMT).


Reply sent to Arno Töll <arno@debian.org>:
You have taken responsibility. (Sun, 21 Jul 2013 18:51:22 GMT).


Notification sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Bug acknowledged by developer. (Sun, 21 Jul 2013 18:51:22 GMT).


Message #12 received at 717272-close@bugs.debian.org:

From: Arno Töll <arno@debian.org>
To: 717272-close@bugs.debian.org
Subject: Bug#717272: fixed in apache2 2.4.6-1
Date: Sun, 21 Jul 2013 18:48:26 +0000
Source: apache2
Source-Version: 2.4.6-1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 717272@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arno Töll <arno@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 21 Jul 2013 18:44:42 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source i386 all
Version: 2.4.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Arno Töll <arno@debian.org>
Description: 
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (binary files and modules)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-mpm-event - transitional event MPM package for apache2
 apache2-mpm-itk - transitional itk MPM package for apache2
 apache2-mpm-prefork - transitional prefork MPM package for apache2
 apache2-mpm-worker - transitional worker MPM package for apache2
 apache2-suexec - transitional package for apache2-suexec-pristine
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 apache2.2-bin - Transitional package for apache2-bin
 libapache2-mod-macro - Transitional package for apache2-bin
 libapache2-mod-proxy-html - Transitional package for apache2-bin
Closes: 706962 716694 716921 717272 717299 717343 717448
Changes: 
 apache2 (2.4.6-1) unstable; urgency=low
 .
   New upstream release:
   * CVE-2013-1896: mod_dav: Fix a denial of service via MERGE request
     (Closes: #717272)
   * New modules mod_cache_socache, mod_proxy_wstunnel.
   * mod_ssl: Add support for subjectAltName-based host name checking in proxy
     mode (SSLProxyCheckPeerName).
   * mod_lua: Many new functions.
   * mod_auth_basic: Add a generic mechanism to fake basic authentication
     using the ap_expr parser (AuthBasicFake).
   * mod_proxy: New BalancerInherit and ProxyPassInherit options.
   * mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password.
 .
   [ Arno Töll ]
   * Document our security model in our NEWS file and highlight we do not allow
     access to /srv. Thanks to joeyh for pointing this out.
   * Allow the use of apache2-maintscript-helper from a sub-function. We rely
     on dpkg's arguments supplied in $1, $2 etc. This clashes with function
     arguments supplied to sh sub-function. Allow manual override in such
     cases.
   * Mention that the dh_apache2 conditional must be present in postrm too
     (Closes: #716694)
   * Fix "dh_apache2 ignores alternative httpd on conf files" by correctly
     checking the supplied arguments, we were off by one (Closes: #717299).
   * Reinstall index.html also on upgrades as it is removed during upgrades.
   * Add mod_macro transitional package as it was promoted to core and does not
     exist as individual package anymore (Closes: #706962)
 .
   [ Stefan Fritsch ]
   * Don't fail package upgrade or removal just because the configuration is in
     an inconsistent state (Closes: #716921, #717343, LP: #1202653).
   * Improve error output of init script.
   * Fix broken dependency information in several *.load files.
   * Add mod_authn_core as dependency of the mod_auth_* modules.
     (Closes: #717448)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR7CiZbxelr8HyTqQRAr4XAJ9wGheOPj7awhLVmWlqke9be7kdOgCfSyop
wwMzQ7MW2R5lJ/ieohQ8WWg=
=EdVM
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 20 Aug 2013 07:30:39 GMT).


Bug unarchived. Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Tue, 07 Jan 2014 20:06:10 GMT).


Added tag(s) squeeze and wheezy. Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Tue, 07 Jan 2014 20:06:11 GMT).


Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. (Sat, 01 Feb 2014 19:18:15 GMT).


Notification sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Bug acknowledged by developer. (Sat, 01 Feb 2014 19:18:15 GMT).


Message #23 received at 717272-close@bugs.debian.org:

From: Stefan Fritsch <sf@debian.org>
To: 717272-close@bugs.debian.org
Subject: Bug#717272: fixed in apache2 2.2.22-13+deb7u1
Date: Sat, 01 Feb 2014 19:17:05 +0000
Source: apache2
Source-Version: 2.2.22-13+deb7u1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 717272@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 31 Jan 2014 19:43:07 +0100
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source i386 all
Version: 2.2.22-13+deb7u1
Distribution: wheezy
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 717272 722333 731531
Changes: 
 apache2 (2.2.22-13+deb7u1) wheezy; urgency=medium
 .
   Low impact security fixes:
   * CVE-2013-1862: mod_rewrite: Ensure that client data written to the
     RewriteLog is escaped to prevent terminal escape sequences from entering
     the log file. Closes: #722333
   * CVE-2013-1896: mod_dav: denial of service via MERGE request.
     Closes: #717272
   * mod_dav: Fix segfaults in certain error conditions.
     https://issues.apache.org/bugzilla/show_bug.cgi?id=52559
 .
   * Make apache2ctl create the necessary directories even if started with
     special options for apache2. Closes: #731531
   * Adjust paragraph in README.Debian about MaxMemFree not working properly.
     The issue has been fixed with apr 1.4.5-1.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. (Sat, 01 Feb 2014 19:18:19 GMT).


Notification sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Bug acknowledged by developer. (Sat, 01 Feb 2014 19:18:19 GMT).


Message #28 received at 717272-close@bugs.debian.org:

From: Stefan Fritsch <sf@debian.org>
To: 717272-close@bugs.debian.org
Subject: Bug#717272: fixed in apache2 2.2.16-6+squeeze12
Date: Sat, 01 Feb 2014 19:17:29 +0000
Source: apache2
Source-Version: 2.2.16-6+squeeze12

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 717272@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Jan 2014 22:48:05 +0100
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source all i386
Version: 2.2.16-6+squeeze12
Distribution: squeeze
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 717272 722333
Changes: 
 apache2 (2.2.16-6+squeeze12) squeeze; urgency=medium
 .
   * Security: CVE-2013-1862: mod_rewrite: Ensure that client data written to
     the RewriteLog is escaped to prevent terminal escape sequences from
     entering the log file. Closes: #722333
   * Security: CVE-2013-1896: mod_dav: denial of service via MERGE request.
     Closes: #717272
   * mod_dav: Fix segfaults in certain error conditions.
     https://issues.apache.org/bugzilla/show_bug.cgi?id=52559

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFS6Cu0bxelr8HyTqQRAo6GAKC64cnSHxajkBVBywPhKXhEgyhJyACgwbEX
o8ZZc52YHhfzgSZY8qlKtjU=
=PZB+
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Mar 2014 07:32:24 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:08:20 2019; Machine Name: beach
