CVE-2015-1548

Related Vulnerabilities: CVE-2015-1548  

Debian Bug report logs - #778925
CVE-2015-1548

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sat, 21 Feb 2015 20:57:06 UTC

Severity: grave

Tags: security

Fixed in version mini-httpd/1.21-1

Done: Jose dos Santos Junior <j.s.junior@live.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Marvin Stark <marv@der-marv.de>:
Bug#778925; Package mini-httpd. (Sat, 21 Feb 2015 20:57:11 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Marvin Stark <marv@der-marv.de>. (Sat, 21 Feb 2015 20:57:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2015-1548
Date: Sat, 21 Feb 2015 21:53:49 +0100
Package: mini-httpd
Severity: grave
Tags: security

Please see
http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Marvin Stark <marv@der-marv.de>:
Bug#778925; Package mini-httpd. (Wed, 02 Sep 2015 00:30:03 GMT)


Acknowledgement sent to "J.S.Júnior" <j.s.junior@live.com>:
Extra info received and forwarded to list. Copy sent to Marvin Stark <marv@der-marv.de>. (Wed, 02 Sep 2015 00:30:03 GMT)


Message #10 received at 778925@bugs.debian.org:

From: "J.S.Júnior" <j.s.junior@live.com>
To: 778925@bugs.debian.org
Date: Tue, 1 Sep 2015 21:26:31 -0300

owner 778925 !
thanks

I am working on this package
Thanks Moritz and Thanks Peter Kasza

[]`s

Information forwarded to debian-bugs-dist@lists.debian.org, Marvin Stark <marv@der-marv.de>:
Bug#778925; Package mini-httpd. (Wed, 09 Sep 2015 21:36:04 GMT)


Acknowledgement sent to J.S.Júnior <j.s.junior@live.com>:
Extra info received and forwarded to list. Copy sent to Marvin Stark <marv@der-marv.de>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

(Wed, 09 Sep 2015 21:36:04 GMT)


Message #15 received at 778925@bugs.debian.org:

From: J.S.Júnior <j.s.junior@live.com>
To: 778925@bugs.debian.org
Cc: peter.kasza@itinsight.hu
Date: Wed, 9 Sep 2015 18:31:46 -0300

Hi, thanks for your information.

I will fix it in the next upload, with the patch from Peter Kasza peter.kasza@itinsight.hu

Thanks Peter Kasza for your help.

[]'s

Reply sent to Jose dos Santos Junior <j.s.junior@live.com>:
You have taken responsibility. (Tue, 15 Sep 2015 21:45:31 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 15 Sep 2015 21:45:31 GMT)


Message #20 received at 778925-close@bugs.debian.org:

From: Jose dos Santos Junior <j.s.junior@live.com>
To: 778925-close@bugs.debian.org
Subject: Bug#778925: fixed in mini-httpd 1.21-1
Date: Tue, 15 Sep 2015 21:43:59 +0000
Source: mini-httpd
Source-Version: 1.21-1

We believe that the bug you reported is fixed in the latest version of
mini-httpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778925@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jose dos Santos Junior <j.s.junior@live.com> (supplier of updated mini-httpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 03 Sep 2015 14:59:53 -0300
Source: mini-httpd
Binary: mini-httpd
Architecture: source amd64
Version: 1.21-1
Distribution: unstable
Urgency: medium
Maintainer: Jose dos Santos Junior <j.s.junior@live.com>
Changed-By: Jose dos Santos Junior <j.s.junior@live.com>
Description:
 mini-httpd - Small HTTP server
Closes: 510905 520941 569599 664363 730373 755892 778925 780194
Changes:
 mini-httpd (1.21-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer. (Closes: #780194)
   * Fix CVE-2015-1548
       - Patch fix-add_to_response-buffer-overflow. (Closes: #778925)
   * d/control:
       - Bump Standard-Version to 3.9.6.
       - Bump debhelper to 9.
       - Remove deprecated dpatch.
       - Upgrade packaging format "3.0 (quilt)". (Closes: #664363)
       - Remove article in description synopsis.
       - Add ${misc:Depends}.
   * d/copyright
       - Update to DEP5 format.
       - Formatting copyright.
   * d/rules:
       - Upgrade to dh sequencer.
       - Added upstream changelog extracted from mini-httpd website.
   * d/mini-httpd.init.d:
       - Fix restart error. (Closes: #510905, #755892)
   * d/patches:
       - Fix and add SCRIPT_FILENAME in patch 03-cgi-php. (Closes: #569599)
       - Ensure hardening is enabled for mini_httpd.c.
       - Don't install htpasswd.1.
       - Add index.mini-httpd.html to the list of index names.
   * d/mini-httpd.init.d
       - Source /lib/lsb/init-functions.
       - Add "status" command.
   * d/mini-httpd.postinst
       - Copy index.mini-httpd.html. (Closes: #730373)
       - Use "set -e" and don't install htpasswd. (Closes: #520941)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 28 Jun 2016 07:27:42 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:06:38 2019; Machine Name: beach
