Your message dated Sat, 12 Oct 2013 18:47:25 +0000 with message-id <e1vv4dl-0005wi...@franck.debian.org> and subject line Bug#725942: fixed in libapache2-mod-fcgid 1:2.3.6-1+squeeze2 has caused the Debian Bug report #725942, regarding libapache2-mod-fcgid: CVE-2013-4365 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 725942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725942 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libapache2-mod-fcgid Severity: grave Tags: security Justification: user security hole This was assigned CVE-2013-4365: http://www.mail-archive.com/dev@httpd.apache.org/msg58077.html Isolated patch: https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3c20130929174048.13b962388...@eris.apache.org%3E Can you prepare updated packages for oldstable/stable and contact t...@security.debian.org ? http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: libapache2-mod-fcgid Source-Version: 1:2.3.6-1+squeeze2 We believe that the bug you reported is fixed in the latest version of libapache2-mod-fcgid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 725...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Felix Geyer <fge...@debian.org> (supplier of updated libapache2-mod-fcgid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 10 Oct 2013 21:21:29 +0200 Source: libapache2-mod-fcgid Binary: libapache2-mod-fcgid libapache2-mod-fcgid-dbg Architecture: source amd64 Version: 1:2.3.6-1+squeeze2 Distribution: squeeze-security Urgency: high Maintainer: Tatsuki Sugiura <s...@nemui.org> Changed-By: Felix Geyer <fge...@debian.org> Description: libapache2-mod-fcgid - an alternative module compat with mod_fastcgi libapache2-mod-fcgid-dbg - debugging symbols for mod_fcgid Closes: 725942 Changes: libapache2-mod-fcgid (1:2.3.6-1+squeeze2) squeeze-security; urgency=high . * Fix CVE-2013-4365: heap buffer overwrite. (Closes: #725942) - Add debian/patches/30_CVE-2013-4365.dpatch Checksums-Sha1: ac314473ce79f6924bf2cb7db9948034e24ae018 1923 libapache2-mod-fcgid_2.3.6-1+squeeze2.dsc b41e2871ceb3044bfe97d1a8f8f56487ebf504b9 5835 libapache2-mod-fcgid_2.3.6-1+squeeze2.diff.gz 3f3c5e67fde3409efb3b0f8c882e734ddc3d8485 74546 libapache2-mod-fcgid_2.3.6-1+squeeze2_amd64.deb db61448b707e9b075c088e356dc9833669691d0f 13932 libapache2-mod-fcgid-dbg_2.3.6-1+squeeze2_amd64.deb Checksums-Sha256: 60ee68b7f396f78acb77f16cc6b9841bae3c6ca3d3217ed771a119cef515b98f 1923 libapache2-mod-fcgid_2.3.6-1+squeeze2.dsc 3c2cf23247e0ac779f2cad19d6601beb5e07db6b5d39b6274c841ce6abfda81b 5835 libapache2-mod-fcgid_2.3.6-1+squeeze2.diff.gz 3253bfb46e5aec8729fcc09fe9ba4c6c3d7158ae29c3146a1861a12e4d27ed4e 74546 libapache2-mod-fcgid_2.3.6-1+squeeze2_amd64.deb e416905d249f842d7735331553c0394eeaaf2b98727b4f4c2b4cb8ccb8ad3e7b 13932 libapache2-mod-fcgid-dbg_2.3.6-1+squeeze2_amd64.deb Files: 8a2c37068208d198afe7ecfbeee4a69f 1923 httpd optional libapache2-mod-fcgid_2.3.6-1+squeeze2.dsc a91b272f7009df4a6d272eae4abbf410 5835 httpd optional libapache2-mod-fcgid_2.3.6-1+squeeze2.diff.gz 9738598a745038da91043b722a32955b 74546 httpd optional libapache2-mod-fcgid_2.3.6-1+squeeze2_amd64.deb 5dbbdd903f4c504d03cae9b2ec3330cd 13932 debug extra libapache2-mod-fcgid-dbg_2.3.6-1+squeeze2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBCAAGBQJSWDGuAAoJEP4ixv2DE11FrJMQAL1i8AN0V0OdH2a4N38pBRXo qe9zfP97t4anmt6WdLYFH4xiKi3KIQ6BquKrbtm5ivnI05DsGPzfOQSsKdYtLh3q xbpmOG4G19FJY3Lyuh9xxrLvzOFVfFl85jPJUuPawXb9oiHnTZE2MIMIXbvlPLca PNaMUHzW1P2BKH0whvn1brDiLLDUGa8aePKNFHDByo25GUer4AIVF15FHG4TcbkF X8H1gdVUv0nrSi7vWUglsi5ZyOP2FBFYTTM2BA/1wYuuvUdgXp9KmJ58bta8c5C5 cCvtMlYbuSBp//xgDE3n2H24s3D2NPnlXFkTtVKJfAM9IYUeX8p71K4jMcxoBYou YJk9/uLB7KuGMxUTqWVFBb6CsWBUUQfcWCcUTIY1VECvQxcTjw7pl5oFfmLOWEH8 sk6SDHcY2FxpNscslWcow7nls9102yEi4TzYHPoM96VVTzzyxIaPTkjBaZOoxZzf mWAtSKhMx2pP/vEsfMR43/Zy/Cxlesr59lS6EwE3thUvoNArXt5WhkKUIbXDvROE DzafywVw297Le2Eh9MvzkRSoz5eGPUttAYyeA+z34CVOXJN3AgrxL4qji/nW6ey+ Jh8TNw3qP0OC2QOiwxHoV/TPiOR3zg+Cth27gJVzIf6h5mLhJ4qKp+XcvK2LdF3K qcRVesoqP7Xa9sqe4TZ9 =0R9y -----END PGP SIGNATURE-----
--- End Message ---
