Your message dated Tue, 28 Jul 2009 01:20:30 +0200 (CEST)
with message-id <38699.194.224.98.149.1248736830.squir...@www.sfritsch.de>
and subject line Re: Bug#536718: apache2: CVE-2009-1890 denial-of-service
vulnerability
has caused the Debian Bug report #536718,
regarding apache2: CVE-2009-1890 denial-of-service vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
536718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536718
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.2.3-4+etch6
Severity: serious
Tags: security, patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for apache2.
CVE-2009-1890[0]:
| The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy
| module in the Apache HTTP Server before 2.3.3, when a reverse proxy is
| configured, does not properly handle an amount of streamed data that
| exceeds the Content-Length value, which allows remote attackers to
| cause a denial of service (CPU consumption) via crafted requests.
Patches are available [0]. Please coordinate with the security team to
prepare updates for the stable releases.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://security-tracker.debian.net/tracker/CVE-2009-1890
--- End Message ---
--- Begin Message ---
version: apache2 2.2.9-10+lenny4
fixed in DSA-1834-1 and in unstable
--- End Message ---