Your message dated Sat, 12 Oct 2013 19:53:25 +0000
with message-id <e1vv5fd-0007y9...@franck.debian.org>
and subject line Bug#725942: fixed in libapache2-mod-fcgid 1:2.3.6-1.2+deb7u1
has caused the Debian Bug report #725942,
regarding libapache2-mod-fcgid: CVE-2013-4365
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
725942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725942
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-fcgid
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2013-4365:
http://www.mail-archive.com/dev@httpd.apache.org/msg58077.html
Isolated patch:
https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3c20130929174048.13b962388...@eris.apache.org%3E
Can you prepare updated packages for oldstable/stable and contact
t...@security.debian.org ?
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libapache2-mod-fcgid
Source-Version: 1:2.3.6-1.2+deb7u1
We believe that the bug you reported is fixed in the latest version of
libapache2-mod-fcgid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 725...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated libapache2-mod-fcgid
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 10 Oct 2013 20:02:54 +0200
Source: libapache2-mod-fcgid
Binary: libapache2-mod-fcgid libapache2-mod-fcgid-dbg
Architecture: source amd64
Version: 1:2.3.6-1.2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Tatsuki Sugiura <s...@nemui.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description:
 libapache2-mod-fcgid - an alternative module compat with mod_fastcgi
 libapache2-mod-fcgid-dbg - debugging symbols for mod_fcgid
Closes: 725942
Changes:
 libapache2-mod-fcgid (1:2.3.6-1.2+deb7u1) wheezy-security; urgency=high
 .
   * Fix CVE-2013-4365: heap buffer overwrite. (Closes: #725942)
     - Add debian/patches/40_CVE-2013-4365.dpatch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---