Your message dated Tue, 4 Apr 2006 17:08:29 +0200
with message-id <[EMAIL PROTECTED]>
and subject line [CVE-2006-0042] Remote DoS in libapreq2-perl
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Subject: libapache2-request-perl: Sarge update 2.04-dev-1sarge1 breaks file
uploads
Package: libapache2-request-perl
Version: 2.04-dev-1sarge1
Severity: important
Since the last update, all the requests that include a file upload fail
with a 500 (Internal Server Error) message. The following gets recorded
in the log file:
[Wed Mar 22 18:01:28 2006] [error] [client 132.248.72.73]
Apache::Request::upload: (20014) Error string not specified yet at
/home/gwolf/cvs/comas/perl/Apache2/Comas.pm line 343, referer:
http://www.proglocode.unam.mx/comas/attendees/account/proposals/file/35
The specific line tha triggers this error is:
return $upload unless $req->upload;
Please note I have tried to jump over this test, and the same behavior
happens in other modules where I also get uploads.
The whole module I am reporting this problem about can be found at:
http://gborg.postgresql.org/cgi-bin/cvsweb.cgi/comas/perl/Apache2/Comas.pm?rev=1.10;cvsroot=comas
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14-lafa
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages libapache2-request-perl depends on:
ii apache2-common 2.0.54-5 next generation, scalable, extenda
ii libapache2-mod-perl2 1.999.21-1 Integration of perl with the Apach
ii libapr0 2.0.54-5 the Apache Portable Runtime
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libldap2 2.1.30-8 OpenLDAP libraries
ii perl 5.8.4-8sarge3 Larry Wall's Practical Extraction
ii perl-base [perlapi-5.8.4] 5.8.4-8sarge3 The Pathologically Eclectic Rubbis
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 2.04-dev-1sarge2
On Sat, Apr 01, 2006 at 10:28:02AM +0200, Martin Schulze wrote:
>> Looks like the backport was incomplete, unfortunately; it breaks file uploads
>> (see #358689). I've made a fix (attached) which seems to fix the problem for
>> me; Gunnar, could you please test it on your side too?
> Will provide an update next week.
AFAICS, the update has gone out, so I'm closing this bug. Thanks. :-)
/* Steinar */
--
Homepage: http://www.sesse.net/
--- End Message ---
