Bug#725942: marked as done (libapache2-mod-fcgid: CVE-2013-4365)

[Debian Bug Tracking System]

Your message dated Thu, 10 Oct 2013 18:03:25 +0000
with message-id <e1vuka5-00013d...@franck.debian.org>
and subject line Bug#725942: fixed in libapache2-mod-fcgid 1:2.3.9-1
has caused the Debian Bug report #725942,
regarding libapache2-mod-fcgid: CVE-2013-4365
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
725942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libapache2-mod-fcgid
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2013-4365:
http://www.mail-archive.com/dev@httpd.apache.org/msg58077.html

Isolated patch:
https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3c20130929174048.13b962388...@eris.apache.org%3E

Can you prepare updated packages for oldstable/stable and contact 
t...@security.debian.org ?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libapache2-mod-fcgid
Source-Version: 1:2.3.9-1

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-fcgid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated libapache2-mod-fcgid 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 10 Oct 2013 19:49:42 +0200
Source: libapache2-mod-fcgid
Binary: libapache2-mod-fcgid libapache2-mod-fcgid-dbg
Architecture: source amd64
Version: 1:2.3.9-1
Distribution: unstable
Urgency: high
Maintainer: Felix Geyer <fge...@debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description: 
 libapache2-mod-fcgid - FastCGI interface module for Apache 2
 libapache2-mod-fcgid-dbg - debugging symbols for mod_fcgid
Closes: 719534 725942
Changes: 
 libapache2-mod-fcgid (1:2.3.9-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2013-4365: heap buffer overwrite. (Closes: #725942)
   * Further improve the long description. (Closes: #719534)
Checksums-Sha1: 
 a65d113a6c3596b969d1240969b6e3529ad24f3d 2062 libapache2-mod-fcgid_2.3.9-1.dsc
 99d6b24f3f83a3a83d1d93d12a0d5992e3fa7851 107582 
libapache2-mod-fcgid_2.3.9.orig.tar.gz
 c05d46bb28a40754107f30d0c1977975389b0f31 5659 
libapache2-mod-fcgid_2.3.9-1.debian.tar.gz
 2f11a1c429b0907fbfbb48aef37fc1971068c3a1 67528 
libapache2-mod-fcgid_2.3.9-1_amd64.deb
 7f234d7237d0b052ab3b86e170b0f96c14c2884b 121062 
libapache2-mod-fcgid-dbg_2.3.9-1_amd64.deb
Checksums-Sha256: 
 051483c86746a2aaec16da380e7377d451cdbf9681ce7c5a0846ea98e7d2cdc5 2062 
libapache2-mod-fcgid_2.3.9-1.dsc
 1cbad345e3376b5d7c8f9a62b471edd7fa892695b90b79502f326b4692a679cf 107582 
libapache2-mod-fcgid_2.3.9.orig.tar.gz
 b94f0b768f5cc5080ed312923db04baa16db4293d1859f50bbe001702336b35e 5659 
libapache2-mod-fcgid_2.3.9-1.debian.tar.gz
 e871c9c7be2ba3e2f9f7b7932f9fbf24010d591626a441e773f596feff3202ce 67528 
libapache2-mod-fcgid_2.3.9-1_amd64.deb
 46f65cee9fdc6e9d2bcdd3638edc204ea334baa4fbe436fbe11bbcb05ba49250 121062 
libapache2-mod-fcgid-dbg_2.3.9-1_amd64.deb
Files: 
 cc2e7385fa5ef7a3e3d2b2e4ebc75b52 2062 httpd optional 
libapache2-mod-fcgid_2.3.9-1.dsc
 ece4c66f0c05d216fc96969fcf3d1add 107582 httpd optional 
libapache2-mod-fcgid_2.3.9.orig.tar.gz
 914a8859a5a39afb86bf03b1abd584a6 5659 httpd optional 
libapache2-mod-fcgid_2.3.9-1.debian.tar.gz
 8ec3ca71719c7e17f1ce6557ec86a354 67528 httpd optional 
libapache2-mod-fcgid_2.3.9-1_amd64.deb
 9b06d4cc28b9fbd1d94451ccb127a7bd 121062 debug extra 
libapache2-mod-fcgid-dbg_2.3.9-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCAAGBQJSVuoFAAoJEP4ixv2DE11FD4wP/AnHfkFQ6kI8w18LXC+5A3Qb
6YUjoSlKfCePtWBKyVoQ1frGF2fhGYbX5iRWMaPIQLqPsaxLw9T5aG6EyRhhRWI8
ceV3RkkIWjnQ4+cGCmPnt9D3z3wQ/ndwMEWFf5CHoS7veXKEwC51o6PyCSaMwiMQ
qoIdkxyAq1hx8ISfyJVhvwN+42sPlolve9PyMGaPVVU1q2gkCbaadUw+hDHnWq+R
RUpA/klTtA3925TPMaoAIkN8yBa9GrgghqoaDQajpuDzzA0VVPztcnj1IiAwVstb
B7S+WJSx+J80GnM2WfPjJzIal+y1iTGx61Msi+8XlQ50t7Op5N8WIVlwF3CuzwTz
L6+vtlYKbwaru34HArOQgV8/xoJ2pVwin8ZdhMaroM6F26PRRGlAym2rh5bssFgO
xY7IBK1QufByTOxKjK4srNuwtrErAkW13bzTt2myxHvf6j6+9ZaAGjDtG9WXDj7A
SstdZlkIvhjrEOjgq3U2S5EdjnYezEM+fv6UUKiCCPt8kaOdJrbBSbYbrNNwlfHZ
MxkuoAmuzfazLlTEjI9Ms63PUyJwkMSQQKqc1DypC/8OjuVTBmYZt8hnbbePOOzb
oAqBvhgXqIeu71o3MJ3IDfMs3cdg0Oc7Tps/REx3iI+1Ivg16uLPdWgJenNSL05x
S/36zpZPxTPvvtkxMO81
=kJ1Z
-----END PGP SIGNATURE-----

--- End Message ---