Debian Bug report logs - #380182
CVE-2006-3747: off-by-one security problem in mod_rewrite
Reported by: sf@sfritsch.de
Date: Fri, 28 Jul 2006 08:48:01 UTC
Severity: grave
Tags: patch, security
Found in version apache2/2.0.55-4
Done: Tollef Fog Heen <tfheen@vawad.err.no>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>: Bug#380182; Package apache2.
Acknowledgement sent to sf@sfritsch.de: New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
Message #5 received at submit@bugs.debian.org:
package: apache2
version: 2.0.55-4
severity: grave
tags: security patch
SECURITY: CVE-2006-3747
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.
Patch is at http://svn.apache.org/viewvc/httpd/httpd/tags/2.0.59/modules/mappers/mod_rewrite.c?view=log
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>: Bug#380182; Package apache2.
Acknowledgement sent to Steve Kemp <skx@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
Message #10 received at 380182@bugs.debian.org:
A security advisory is pending.
This bug applies to both the apache and apache2 packages. Same
fix in both packages, but in different locations...
Steve
--
Tags added: fixed. Request was from Steve Kemp <skx@debian.org> to control@bugs.debian.org.
Tags removed: fixed. Request was from Tollef Fog Heen <tfheen@vawad.err.no> to control@bugs.debian.org.
Reply sent to Tollef Fog Heen <tfheen@vawad.err.no>: You have taken responsibility.
Notification sent to sf@sfritsch.de: Bug acknowledged by developer.
Message #19 received at 380182-done@bugs.debian.org:
tag 299855 - fixed
tag 349416 - fixed
tag 374160 - fixed
tag 380182 - fixed
tag 381376 - fixed
thanks
Those are fixed in an NMU which was accepted by the maintainer, so closing properly.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 5 Aug 2006 21:35:53 +0000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source i386 all
Version: 2.0.55-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description:
apache2 - next generation, scalable, extendable web server
apache2-common - next generation, scalable, extendable web server
apache2-doc - documentation for apache2
apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
apache2-mpm-prefork - traditional model for Apache2
apache2-mpm-worker - high speed threaded model for Apache2
apache2-prefork-dev - development headers for apache2
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
libapr0 - the Apache Portable Runtime
libapr0-dev - development headers for libapr
Closes: 299855 349416 374160 380182 381376
Changes:
apache2 (2.0.55-4.1) unstable; urgency=high
.
* Non-maintainer upload. Urgency set to high due to security fixes.
* Added '052_mod_rewrite_CVE-2006-3747' to fix the off-by-one bug in
mod_rewrite.
[CVE-2006-3747]. (Closes: #380182)
* Added '053_restore_prefix_fix' to allow rebuilding from source.
(Closes: #374160)
* Added '054_apr_sendfile' to allow building for Hurd.
(Closes: #349416)
* Added '055_expect_CVE-2006-3918' to fix XSS attack in Expect headers.
[CVE-2006-3918]. (Closes: #381376)
* Added bash-completion script from Guillaume Rousse.
(Closes: #299855)
Files:
223b02dffbc296dcf0855cae7d6f6859 1134 net optional apache2_2.0.55-4.1.dsc
34cac9f7ea8697a56ee130560f687af9 116470 net optional apache2_2.0.55-4.1.diff.gz
40c4f5ddc6e647fcc8abe4804903ead6 2123872 doc optional apache2-doc_2.0.55-4.1_all.deb
681dff30e6b08474e6d9b49fcaa7c568 807452 net optional apache2-common_2.0.55-4.1_i386.deb
ab6615b417ed4affe66389bbce800fe5 93222 net optional apache2-utils_2.0.55-4.1_i386.deb
2a48688e3b47de8c7a0a6185d608fbcb 211658 net optional apache2-mpm-worker_2.0.55-4.1_i386.deb
fdd54801157e6bd36ba68c77244596bf 212042 net optional apache2-mpm-perchild_2.0.55-4.1_i386.deb
513ca07e0b20fb6c01c8b7694e633c10 208356 net optional apache2-mpm-prefork_2.0.55-4.1_i386.deb
51aa0db7789049d0235a76847f9bae4d 170694 devel optional apache2-prefork-dev_2.0.55-4.1_i386.deb
101040cfbdab20d7905c4b2715dc145c 171446 devel optional apache2-threaded-dev_2.0.55-4.1_i386.deb
8903bed1cae49fd6cbdbb257529e3bf5 137450 net optional libapr0_2.0.55-4.1_i386.deb
f52a39811ae1212260eb2f2011135291 266536 libdevel optional libapr0-dev_2.0.55-4.1_i386.deb
83ef811301c7bfe380ae939a3a73cf72 35604 web optional apache2_2.0.55-4.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE1RIKwM/Gs81MDZ0RAm6OAJ989piJWwpIaxKGfohSvyaxI0KsfwCeLThA
k8Ldo9vjUYbm86AnH4D2Doo=
=+WoX
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Jun 2007 03:28:52 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:34:50 2019; Machine Name: buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.