Bug#569658: marked as done (ModSecurity Detection Bypass and Denial of Service Vulnerabilities)

[Debian Bug Tracking System]

Your message dated Thu, 11 Mar 2010 13:02:10 +0000
with message-id <e1npi1i-0007bq...@ries.debian.org>
and subject line Bug#569658: fixed in libapache-mod-security 2.5.12-1
has caused the Debian Bug report #569658,
regarding ModSecurity Detection Bypass and Denial of Service Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
569658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569658
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libapache-mod-security
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

libapache-mod-security 2.5.12 fixed multiple security flaws.

References:
[1] 
http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.5.12/CHANGES_2.5.12.txt/download
[2] https://bugzilla.redhat.com/show_bug.cgi?id=563455
[3] http://secunia.com/advisories/38460/
[4] http://freshmeat.net/projects/modsecurity/releases/312017
[5] http://www.modsecurity.org/

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt2aOsACgkQNxpp46476apuIwCeMPSsgmA8dFSIkLvABlCM1LC/
3A8Anik1CW/wS8g9P5uqBruU5APXtJOe
=FBoT
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: libapache-mod-security
Source-Version: 2.5.12-1

We believe that the bug you reported is fixed in the latest version of
libapache-mod-security, which is due to be installed in the Debian FTP archive:

libapache-mod-security_2.5.12-1.debian.tar.gz
  to 
main/liba/libapache-mod-security/libapache-mod-security_2.5.12-1.debian.tar.gz
libapache-mod-security_2.5.12-1.dsc
  to main/liba/libapache-mod-security/libapache-mod-security_2.5.12-1.dsc
libapache-mod-security_2.5.12-1_i386.deb
  to main/liba/libapache-mod-security/libapache-mod-security_2.5.12-1_i386.deb
libapache-mod-security_2.5.12.orig.tar.gz
  to main/liba/libapache-mod-security/libapache-mod-security_2.5.12.orig.tar.gz
mod-security-common_2.5.12-1_all.deb
  to main/liba/libapache-mod-security/mod-security-common_2.5.12-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 569...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated 
libapache-mod-security package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 11 Mar 2010 13:36:25 +0100
Source: libapache-mod-security
Binary: libapache-mod-security mod-security-common
Architecture: source all i386
Version: 2.5.12-1
Distribution: unstable
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org>
Description: 
 libapache-mod-security - Tighten web applications security for Apache
 mod-security-common - Tighten web applications security - common files
Closes: 569658
Changes: 
 libapache-mod-security (2.5.12-1) unstable; urgency=low
 .
   * New upstream release. Fixes several security issues.
     (Closes: #569658)
   * Moved to dpkg-source 3.0 (quilt).
   * Bumped Standards-Version to 3.8.4.0
Checksums-Sha1: 
 4686b95cbd3ee9ac0dad56a36d760639a74426fb 1244 
libapache-mod-security_2.5.12-1.dsc
 eb2068e5d31525fa53769dabd1a1c65896fd4e76 1392209 
libapache-mod-security_2.5.12.orig.tar.gz
 e99052f834715d9e5cca978eb429b8afdadb5338 8035 
libapache-mod-security_2.5.12-1.debian.tar.gz
 551fab781bd26061cd13b83554b5db8bf513e787 962766 
mod-security-common_2.5.12-1_all.deb
 5e216ebb4d8c92d647df1de6f0e4ae2f528d68ee 114130 
libapache-mod-security_2.5.12-1_i386.deb
Checksums-Sha256: 
 8db0b425e85691e9fc51e4700564841893574e4429fcb67f9c829163ef2683b2 1244 
libapache-mod-security_2.5.12-1.dsc
 168bb6591a0f9665169e0ed223a00d63a1c87e11d1e56388abcf431f30efaa84 1392209 
libapache-mod-security_2.5.12.orig.tar.gz
 2d2715701960efe9a5277aefae968680937723faf7675b539c8f715fbdf23d04 8035 
libapache-mod-security_2.5.12-1.debian.tar.gz
 864d369553d8fb64ecad618b27cd12b1b58014b78bcd679e1daef01f4b6577d2 962766 
mod-security-common_2.5.12-1_all.deb
 63e9ac8624f535b2e29843a706de7cd7100768be0ec4fdf648ff0dbedb89a328 114130 
libapache-mod-security_2.5.12-1_i386.deb
Files: 
 1acd84b75f1b7b8ff81d179ab1a88251 1244 httpd optional 
libapache-mod-security_2.5.12-1.dsc
 f7d14b97bbe54ecb953125b0f9b87a24 1392209 httpd optional 
libapache-mod-security_2.5.12.orig.tar.gz
 380c62d67b4e9c9729a6bdba6bc9f49c 8035 httpd optional 
libapache-mod-security_2.5.12-1.debian.tar.gz
 411c8017b224a45d549460674a62d894 962766 httpd optional 
mod-security-common_2.5.12-1_all.deb
 5481145351951ec02c62de343f6b96b6 114130 httpd optional 
libapache-mod-security_2.5.12-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuY55sACgkQxRSvjkukAcMxbQCeP52pn0i1+KxKD3ki09nwjcaG
mlMAniRmcnoRIm2MBjyMF/MAtd69gnyx
=gB2A
-----END PGP SIGNATURE-----

--- End Message ---