CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS

Debian Bug report logs - #545951
CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <giuseppe@iuculano.it>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS

Date: Thu, 10 Sep 2009 10:12:29 +0200

Package: apache2.2-common
Version: 2.2.12-1
Severity: normal
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for apache2.

CVE-2009-3094[0]:
| The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the
| mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
| allows remote FTP servers to cause a denial of service (NULL pointer
| dereference and child process crash) via a malformed reply to an EPSV
| command.
NOTE: as of 20090910 this disclosure has no actionable information
NOTE: based on a VulnDisco commercial 0day

CVE-2009-3095[1]:
| The mod_proxy_ftp module in the Apache HTTP Server allows remote
| attackers to bypass intended access restrictions and send arbitrary
| commands to an FTP server via vectors related to the embedding of
| these commands in the Authorization HTTP header, as demonstrated by a
| certain module in VulnDisco Pack Professional 8.11.  NOTE: as of
| 20090903, this disclosure has no actionable information. However,
| because the VulnDisco Pack author is a reliable researcher, the issue
| is being assigned a CVE identifier for tracking purposes.
NOTE: mod_proxy_ftp should be enabled. with -mpm-prefork only a child crashes, not a really DoS
NOTE: when doing reverse proxy, servers to which requests are proxied are usually trusted

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
    http://security-tracker.debian.net/tracker/CVE-2009-3094
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
    http://security-tracker.debian.net/tracker/CVE-2009-3095


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqotOkACgkQNxpp46476ar6FwCeMtLWlTSFzMgYQXHELSpCSXOM
Nv0AnReVdv6JuBkn0rEmhy8WmJBKzCAp
=fwCl
-----END PGP SIGNATURE-----

Message #10 received at 545951-close@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@debian.org>

To: 545951-close@bugs.debian.org

Subject: Bug#545951: fixed in apache2 2.2.13-2

Date: Wed, 16 Sep 2009 22:03:59 +0000

Source: apache2
Source-Version: 2.2.13-2

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.13-2_i386.deb
apache2-doc_2.2.13-2_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.13-2_all.deb
apache2-mpm-event_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.13-2_i386.deb
apache2-mpm-itk_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-itk_2.2.13-2_i386.deb
apache2-mpm-prefork_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.13-2_i386.deb
apache2-mpm-worker_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.13-2_i386.deb
apache2-prefork-dev_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.13-2_i386.deb
apache2-suexec-custom_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-suexec-custom_2.2.13-2_i386.deb
apache2-suexec_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-suexec_2.2.13-2_i386.deb
apache2-threaded-dev_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.13-2_i386.deb
apache2-utils_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.13-2_i386.deb
apache2.2-bin_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2.2-bin_2.2.13-2_i386.deb
apache2.2-common_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.13-2_i386.deb
apache2_2.2.13-2.diff.gz
  to pool/main/a/apache2/apache2_2.2.13-2.diff.gz
apache2_2.2.13-2.dsc
  to pool/main/a/apache2/apache2_2.2.13-2.dsc
apache2_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2_2.2.13-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 545951@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Sep 2009 20:55:02 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source i386 all
Version: 2.2.13-2
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 541536 541607 544509 545951
Changes: 
 apache2 (2.2.13-2) unstable; urgency=high
 .
   * mod_proxy_ftp security fixes (closes: #545951):
     - DoS by malicious ftp server (CVE-2009-3094)
     - missing input sanitization: a user could execute arbitrary ftp commands
       on the backend ftp server (CVE-2009-3095)
   * Add entries to NEWS.Debian and README.Debian about Apache being stricter
     about certain misconfigurations involving name based SSL virtual hosts.
     Also make Apache print the location of the misconfigured VirtualHost when
     it complains about a missing SSLCertificateFile statement. Closes: #541607
   * Add Build-Conflicts: autoconf2.13 (closes: #541536).
   * Adjust priority of apache2-mpm-itk to extra.
   * Switch apache2.2-common and the four mpm packages from architecture all to
     any. This is stupid but makes apache2 binNMUable again (closes: #544509).
   * Bump Standards-Version (no changes).
Checksums-Sha1: 
 bbd12d630b1005da87f4a40d1e7889a10c8de1e9 1813 apache2_2.2.13-2.dsc
 7938c204ffb780f9f66dc20269d049f99877c53f 181484 apache2_2.2.13-2.diff.gz
 34209f96e048870b3b3e957f2b3d95237bd04965 292296 apache2.2-common_2.2.13-2_i386.deb
 208a848093a9cce5610ebb80ae1b59bb5b91587b 1301960 apache2.2-bin_2.2.13-2_i386.deb
 85be746b8de17525a4c6fc3e42c2f77bdb189848 2268 apache2-mpm-worker_2.2.13-2_i386.deb
 817038c091c470b463ed0eb30038d18055938701 2330 apache2-mpm-prefork_2.2.13-2_i386.deb
 f5ea922ce44cc90f0d2dad5c1ba5cbb57fbfaa23 2300 apache2-mpm-event_2.2.13-2_i386.deb
 5c7fb9e384ff086f5c759dd1c82a7a50f8cf61bb 2328 apache2-mpm-itk_2.2.13-2_i386.deb
 80a939fcd07158426bf46a4335d98e3919393863 154800 apache2-utils_2.2.13-2_i386.deb
 ee1532bdeb716d7a65b070f44c125a9b0c719417 90904 apache2-suexec_2.2.13-2_i386.deb
 9705b9247d5f1bc8a43ce4fd23c0f473cf8c2755 92454 apache2-suexec-custom_2.2.13-2_i386.deb
 9d94647ee45435dfe7b6fd615de87caa43a322d1 1376 apache2_2.2.13-2_i386.deb
 15b21bf3143516d9cf474cf8b07eca7b0a4498ba 138032 apache2-prefork-dev_2.2.13-2_i386.deb
 0695a7874db9faf3a1f3b3f486a02f1215a536b9 139216 apache2-threaded-dev_2.2.13-2_i386.deb
 1fe9992cb0b4506b69deab0f1eba372167846b14 2672452 apache2-dbg_2.2.13-2_i386.deb
 8f355ceb4dc3863438dcf5356f7cccf422c21a45 2272814 apache2-doc_2.2.13-2_all.deb
Checksums-Sha256: 
 aaf0110a68aa27e084f356c343c4aa411e35c01bdd519992615fa722cf72a5bd 1813 apache2_2.2.13-2.dsc
 269b3301498c8ff0a5187502a1999ad7e78d35e3afafc2bfba8747d7256b5930 181484 apache2_2.2.13-2.diff.gz
 bf601051a11727ca378925b2f08fc1c0f1fbc45fc375c54b38809974e1005b77 292296 apache2.2-common_2.2.13-2_i386.deb
 4f1f9bb778349d1a8955e953364e9fcd22ff26f9007b568ee7f2ac3410beae54 1301960 apache2.2-bin_2.2.13-2_i386.deb
 d9e11cea3b05c0eca723851beb6b6977db22d99221af107b8064072bbdd98087 2268 apache2-mpm-worker_2.2.13-2_i386.deb
 bb7bc32609b0393c8f23c4092a919aec8541f7edb19b246124228bc7ad0d80c3 2330 apache2-mpm-prefork_2.2.13-2_i386.deb
 efac0d8b55f1758170e41a824800703861cf64fe4dac0ff6d98d2612ec9e83d3 2300 apache2-mpm-event_2.2.13-2_i386.deb
 c5d6389bb3d5a8ad95ac476ecd0b8eccf87eee9fdb022b662eed801d5c963a92 2328 apache2-mpm-itk_2.2.13-2_i386.deb
 6f9fb6690307496ab52005723a80ca3e1cc8527170f57454610662324ffb4764 154800 apache2-utils_2.2.13-2_i386.deb
 7a212bc37d2219500de6e15bf3224bb5a3348cd1ede593aa28812ed13779676d 90904 apache2-suexec_2.2.13-2_i386.deb
 71baa7bce8942912efe669378dfe3f0fce5fe9542d8ec5f600821c157af35f27 92454 apache2-suexec-custom_2.2.13-2_i386.deb
 7710a1cca521eae7ca282ae0f21d914577bcfadbf5c503cb31e4569d845127e7 1376 apache2_2.2.13-2_i386.deb
 da938db98baecb070b2839d287e54a6d0d95a681e9ea8d04982b389080a9ccc5 138032 apache2-prefork-dev_2.2.13-2_i386.deb
 dfc063caae79629fa18744cea730ef73be2c0fc103ba7f5f0c6c0c9c7871bec7 139216 apache2-threaded-dev_2.2.13-2_i386.deb
 cf2718c27af28f88343d7e3b7f19d09651d5a12ec5b31d025432b3ab8e05ebaf 2672452 apache2-dbg_2.2.13-2_i386.deb
 22fbf875bbaf412d194d8604d61bf3045769414d840d939f1558663796e77887 2272814 apache2-doc_2.2.13-2_all.deb
Files: 
 97bad00546872899c897af892c472e61 1813 httpd optional apache2_2.2.13-2.dsc
 b86f09d23e32384f679276007cbd9095 181484 httpd optional apache2_2.2.13-2.diff.gz
 471bccf7c92ca8ee22fae71ef847e52a 292296 httpd optional apache2.2-common_2.2.13-2_i386.deb
 286a5778b758a073aa296269e49cb596 1301960 httpd optional apache2.2-bin_2.2.13-2_i386.deb
 ffa4691e7df5d0178d5ff7f9322c1b41 2268 httpd optional apache2-mpm-worker_2.2.13-2_i386.deb
 e8743341f6b03f4c3d8b81fad957e738 2330 httpd optional apache2-mpm-prefork_2.2.13-2_i386.deb
 2ff7fa8d12596611ded962aae41fce0b 2300 httpd optional apache2-mpm-event_2.2.13-2_i386.deb
 22e76983a8954a25126b1e19f6b507ae 2328 httpd extra apache2-mpm-itk_2.2.13-2_i386.deb
 39a3ffb8d6162841a1269c23bfb13479 154800 httpd optional apache2-utils_2.2.13-2_i386.deb
 8ca00bd9a08c22b4797db31e4ee2abd7 90904 httpd optional apache2-suexec_2.2.13-2_i386.deb
 cf2ba08382e1563c0194152509e843b3 92454 httpd extra apache2-suexec-custom_2.2.13-2_i386.deb
 fd9b3cecff03088b35bddde0be34e2c8 1376 httpd optional apache2_2.2.13-2_i386.deb
 7cfbf6f406d8cf1829d4ad5c8e5825b2 138032 httpd extra apache2-prefork-dev_2.2.13-2_i386.deb
 f527eb83f7179f02b7cc0bc13261ae07 139216 httpd extra apache2-threaded-dev_2.2.13-2_i386.deb
 0a58245ed8f8a40acf08589505afa026 2672452 debug extra apache2-dbg_2.2.13-2_i386.deb
 31bb0c0e3c48710812e5dda3fc128e5c 2272814 doc optional apache2-doc_2.2.13-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFKsUSJbxelr8HyTqQRAgkBAJ9LUO53e3KLjYkG18vdJ06Jce90EwCdFwDa
WoBXtQ17ZlGTgSu60SHu65Q=
=XRVy
-----END PGP SIGNATURE-----

Message #15 received at 545951-close@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@debian.org>

To: 545951-close@bugs.debian.org

Subject: Bug#545951: fixed in apache2 2.2.9-10+lenny5

Date: Fri, 16 Oct 2009 19:58:32 +0000

Source: apache2
Source-Version: 2.2.9-10+lenny5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.9-10+lenny5_i386.deb
apache2-doc_2.2.9-10+lenny5_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.9-10+lenny5_all.deb
apache2-mpm-event_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny5_i386.deb
apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
apache2-src_2.2.9-10+lenny5_all.deb
  to pool/main/a/apache2/apache2-src_2.2.9-10+lenny5_all.deb
apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
apache2-suexec_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-suexec_2.2.9-10+lenny5_i386.deb
apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
apache2-utils_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.9-10+lenny5_i386.deb
apache2.2-common_2.2.9-10+lenny5_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.9-10+lenny5_i386.deb
apache2_2.2.9-10+lenny5.diff.gz
  to pool/main/a/apache2/apache2_2.2.9-10+lenny5.diff.gz
apache2_2.2.9-10+lenny5.dsc
  to pool/main/a/apache2/apache2_2.2.9-10+lenny5.dsc
apache2_2.2.9-10+lenny5_all.deb
  to pool/main/a/apache2/apache2_2.2.9-10+lenny5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 545951@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 05 Oct 2009 19:07:08 +0200
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source i386 all
Version: 2.2.9-10+lenny5
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-src - Apache source code
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-common - Apache HTTP Server common files
Closes: 517089 524268 528951 537665 545951
Changes: 
 apache2 (2.2.9-10+lenny5) stable; urgency=low
 .
   * Minor security fixes in mod_proxy_ftp (closes: #545951):
     - DoS by malicious ftp server (CVE-2009-3094)
     - missing input sanitization: a user could execute arbitrary ftp commands
       on the backend ftp server (CVE-2009-3095)
   * Fix segfault in legacy ap_r* API which is triggered more often since
     the fix for CVE-2009-1891 was applied (closes: #537665).
   * Take care to not override existing index.shtml files when upgrading from
     before 2.2.8-1 (closes: #517089).
   * mod_deflate: Fix invalid etag to be emitted for on-the-fly gzip
     content-encoding. This prevented apache from sending "304 NOT MODIFIED"
     responses for compressed content.
   * mod_rewrite: Fix "B" flag breakage (closes: #524268)
   * Properly declare that apache2-suexec* replace files in old versions of
     apache2.2-common (closes: #528951).
   * Remove other_vhosts_access.log on package purge.
Checksums-Sha1: 
 4cd35bacf4367636f64b061ac25fe41792e80ce8 1674 apache2_2.2.9-10+lenny5.dsc
 9d73dbc120d1b61cc0b8f74a949df7890403c22b 142370 apache2_2.2.9-10+lenny5.diff.gz
 2a7f19ab0f9ff14facf562cb329fdb85e1dcb2a8 782656 apache2.2-common_2.2.9-10+lenny5_i386.deb
 cdb0f46d11ede65702cddc69e7bdf7fdb025cc11 241510 apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
 d01781a04e2314f4663f714a7ebff582ccb4418c 238480 apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
 6e22292309b13aec0e087dded68011f1f8343041 241964 apache2-mpm-event_2.2.9-10+lenny5_i386.deb
 eff93d624f98e78fd21e4cf8c593c39c7e62eea0 144090 apache2-utils_2.2.9-10+lenny5_i386.deb
 bcb27f5d5017f69f83d167169aa89f4698dbcd8f 82550 apache2-suexec_2.2.9-10+lenny5_i386.deb
 c0e1a8c9646e5aad8619b3b52f6e46aed2d9d61d 84198 apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
 3554646b49f15c750a3c23113e74577437f892ff 211154 apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
 fba7e333c7f21cb0ff22647eecd836128a34c02f 212460 apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
 a90f5a3996472ab6aa545851be1add2e2a90c123 2315310 apache2-dbg_2.2.9-10+lenny5_i386.deb
 cc4b9f2000f1642fe2e7a8e21fcf63bb622082c7 45096 apache2_2.2.9-10+lenny5_all.deb
 d1160b790d86d31372ee178789a37142a9272068 2060758 apache2-doc_2.2.9-10+lenny5_all.deb
 e2e67571bcc95c914ada5c1aa35ac189babece4d 6732286 apache2-src_2.2.9-10+lenny5_all.deb
Checksums-Sha256: 
 2b4fc052962e6336830c99b8cc4ccb9ea327ff1b1a236e5159d6608c5432bfd4 1674 apache2_2.2.9-10+lenny5.dsc
 af4750a36287fb34f50c876723889378c26483ab03ee7f7e58ef240b7fc4d303 142370 apache2_2.2.9-10+lenny5.diff.gz
 7e353ab812a5011304093ef347176acc3ce83eba4a85a8728c2583e514f62cda 782656 apache2.2-common_2.2.9-10+lenny5_i386.deb
 6e8723a506733f7d9481607a012f2641b209d75086c12a82524d94258bb16371 241510 apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
 6c3743c3ec5f8c95c9b93f23891021a33715d95e9c76cdb2383060a6d5ac0027 238480 apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
 da5d06deaf139008c3f93f39c5153454479ac0114aa90cf1b62bf77cf7016e39 241964 apache2-mpm-event_2.2.9-10+lenny5_i386.deb
 2d0367e4ad03714cdb3a703d180ca0645c287996a525f30607cb708fc1cc0543 144090 apache2-utils_2.2.9-10+lenny5_i386.deb
 f9cb2b6370e275bcbc0550c423b660298698774264be2b11965c9638e6be8372 82550 apache2-suexec_2.2.9-10+lenny5_i386.deb
 1b392eef4c38a9017c702738621f120d0c16d51bd3a1ba090acc019513460627 84198 apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
 5e8bc5cbcd4f1ff2e3898226ce35d595dc71df635983672990222535e296541b 211154 apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
 d485ebce33f62e60221013a0fa8c2d0554ff0f1e1b235a7b9b91624407cfce3d 212460 apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
 8d3b9c3c508cda66401d2e021e0e56e0502e3cb14c4c8b502215584cc2d8d47b 2315310 apache2-dbg_2.2.9-10+lenny5_i386.deb
 72e576b2aff702793f53e0a25597b241c24978f95fdbf62581d08ee39bdf2bf2 45096 apache2_2.2.9-10+lenny5_all.deb
 a0825424647d29a523991c390d0f211e341219600b4fcbefb155c826adab7206 2060758 apache2-doc_2.2.9-10+lenny5_all.deb
 70115c44791f64197034553ab42ab6e47f90d9a3ca514942e4ba129839179cfe 6732286 apache2-src_2.2.9-10+lenny5_all.deb
Files: 
 af4959f5d19a41499227492ab5a1ad0b 1674 web optional apache2_2.2.9-10+lenny5.dsc
 e0248c2405b395a7764a63293ad4a7aa 142370 web optional apache2_2.2.9-10+lenny5.diff.gz
 77096cd161c26931b4056fb95a1557ef 782656 web optional apache2.2-common_2.2.9-10+lenny5_i386.deb
 acc6fe5a6f95a25678f358481291bc2f 241510 web optional apache2-mpm-worker_2.2.9-10+lenny5_i386.deb
 808c0f7d0e7d9de2ed6ac968a5b1ad64 238480 web optional apache2-mpm-prefork_2.2.9-10+lenny5_i386.deb
 d0435d86316e0ed664ff34f9257be791 241964 web optional apache2-mpm-event_2.2.9-10+lenny5_i386.deb
 6d912ecf32d064b7ff40d7bee13ccd55 144090 web optional apache2-utils_2.2.9-10+lenny5_i386.deb
 ce8c2e3b263f4af1e76fa1ac9190ed2c 82550 web optional apache2-suexec_2.2.9-10+lenny5_i386.deb
 356fb4544d50d55d7db777721828b302 84198 web extra apache2-suexec-custom_2.2.9-10+lenny5_i386.deb
 796706af29f60b63656f69d5fe4666b9 211154 devel extra apache2-prefork-dev_2.2.9-10+lenny5_i386.deb
 b12a7b066f2a4b75414dc149f4d057a7 212460 devel extra apache2-threaded-dev_2.2.9-10+lenny5_i386.deb
 d5ef2bc8ffef29d5c56fe947d7237453 2315310 libdevel extra apache2-dbg_2.2.9-10+lenny5_i386.deb
 676c152d136010dafcb21af27b97f103 45096 web optional apache2_2.2.9-10+lenny5_all.deb
 7755ddf1f1da4cda8cfe38789e14d545 2060758 doc optional apache2-doc_2.2.9-10+lenny5_all.deb
 1e15a9c0e64aed90f14342f85af2a237 6732286 devel extra apache2-src_2.2.9-10+lenny5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFKyi3kbxelr8HyTqQRArCNAKC8ybX0A26QjotH/mEoC5XHB5QzwQCcDdka
YtBLTWBjhTp31i4aAzgCdAo=
=2E/y
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.