CVE-2007-1349 - regex denial of service

Related Vulnerabilities: CVE-2007-1349  

Debian Bug report logs - #433549
CVE-2007-1349 - regex denial of service


Reported by: Kees Cook <kees@outflux.net>

Date: Tue, 17 Jul 2007 20:42:01 UTC

Severity: important

Tags: patch, security

Found in version libapache2-mod-perl2/2.0.2-2.4

Fixed in version libapache2-mod-perl2/2.0.2-5

Done: Gunnar Wolf <gwolf@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Thom May <thom@debian.org>:
Bug#433549; Package libapache2-mod-perl2.


Acknowledgement sent to Kees Cook <kees@outflux.net>:
New Bug report received and forwarded. Copy sent to Thom May <thom@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Kees Cook <kees@outflux.net>
To: Debian Bugs <submit@bugs.debian.org>
Subject: CVE-2007-1349 - regex denial of service
Date: Tue, 17 Jul 2007 13:40:03 -0700

Package: libapache2-mod-perl2
Version: 2.0.2-2.4
Severity: important
Tags: patch, security

Attached is a patch for CVE-2007-1349, from upstream fixes at
http://svn.apache.org/viewvc?view=rev&revision=521584

-- 
Kees Cook                                            @outflux.net
[04-regex-dos.patch (text/x-diff, attachment)]

Reply sent to Gunnar Wolf <gwolf@debian.org>:
You have taken responsibility.


Notification sent to Kees Cook <kees@outflux.net>:
Bug acknowledged by developer.


Message #10 received at 433549-close@bugs.debian.org:

From: Gunnar Wolf <gwolf@debian.org>
To: 433549-close@bugs.debian.org
Subject: Bug#433549: fixed in libapache2-mod-perl2 2.0.2-5
Date: Sat, 18 Aug 2007 09:17:35 +0000
Source: libapache2-mod-perl2
Source-Version: 2.0.2-5

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-perl2, which is due to be installed in the Debian FTP archive:

libapache2-mod-perl2-dev_2.0.2-5_all.deb
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-dev_2.0.2-5_all.deb
libapache2-mod-perl2-doc_2.0.2-5_all.deb
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2-doc_2.0.2-5_all.deb
libapache2-mod-perl2_2.0.2-5.diff.gz
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-5.diff.gz
libapache2-mod-perl2_2.0.2-5.dsc
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-5.dsc
libapache2-mod-perl2_2.0.2-5_amd64.deb
  to pool/main/liba/libapache2-mod-perl2/libapache2-mod-perl2_2.0.2-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 433549@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gunnar Wolf <gwolf@debian.org> (supplier of updated libapache2-mod-perl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 17 Aug 2007 18:27:25 -0500
Source: libapache2-mod-perl2
Binary: libapache2-mod-perl2 libapache2-mod-perl2-doc libapache2-mod-perl2-dev
Architecture: source amd64 all
Version: 2.0.2-5
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Gunnar Wolf <gwolf@debian.org>
Description: 
 libapache2-mod-perl2 - Integration of perl with the Apache2 web server
 libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - development fil
 libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - documentation
Closes: 433549 438168
Changes: 
 libapache2-mod-perl2 (2.0.2-5) unstable; urgency=low
 .
   * New Maintainer: the Debian pkg-perl group (Closes: #438168)
   * Updated copyright information including the copyright for the
     packaging information
   * Integrated the bugreport helper mp2bug to the /usr/share/bug way of
     life, so its output is automatically included in our users' reports
   * Bumping up standards-version from 3.6.1 to 3.7.2 (Only change
     needed: Moving mp2bug)
   * Added debian/watch
   * Moved libapache2-mod-perl2-doc to section: doc
   * the -dev and -doc generated binary packages are now arch: all
     instead of arch: any
   * Applied upstream patch fixing CVE-2007-1349 DoS caused by improperly
     quoted regex (Closes: #433549)
   * Moved the generated manpages from section 3 to 3pm
   * Finally, lintian- and linda-clean, yay! :D
Files: 
 32dfc5f6ab6ee0b90119862bd23ff446 1001 web optional libapache2-mod-perl2_2.0.2-5.dsc
 651f4d18dadec98811bcff1b7a1b6f4a 11507 web optional libapache2-mod-perl2_2.0.2-5.diff.gz
 5bd3445c68505a2fa449a772443631b7 76344 web optional libapache2-mod-perl2-dev_2.0.2-5_all.deb
 0ba86dc16225cb14daf966ad8c2dafb9 3116928 doc optional libapache2-mod-perl2-doc_2.0.2-5_all.deb
 8c2c15932746caa9c4471d887d964106 1119188 web optional libapache2-mod-perl2_2.0.2-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGxjnM2A7zWou1J68RAo3nAKCbtogq4p9NIA1Hel0wATgiidKgIQCgoDjl
+sq76q3lEFnWi0rMBi2CJag=
=b29i
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 24 Sep 2007 07:30:38 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:49:30 2019; Machine Name: buxtehude
