Apache1.3 CAN-2004-0940

Bug #9709 reported by Fabio Massimo Di Nitto
Affects: apache (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Martin Pitt

Bug Description

Hi Martin,

Apache just released version 1.3.33, which fixes 2 security problems. This
is the only one missing from Ubuntu/Debian.

The other one was backported a while ago from CVS.

Even if Apache binaries are in universe, we still ship the sources in main, so I
think we should get this one fixed.

Fabio

Martin Pitt (pitti) wrote :

Created an attachment (id=640)
interdiff to security update -1.3.31-6.1

patch taken from upstream CVS (released as apache 1.3.33).

Martin Pitt (pitti) wrote :

Oops, wrong patch version number. It should be 1.3.31-6ubuntu0.1

Martin Pitt (pitti) wrote :

Created an attachment (id=641)
interdiff to security update -1.3.31-6ubuntu0.1

Martin Pitt (pitti) wrote :

Fixed in Warty:
 apache (1.3.31-6ubuntu0.1) warty-security; urgency=low
 .
   * SECURITY UPDATE to fix a buffer overflow in mod_include
     (Warty bug #9709)
   * added patch 000_stolen_from_HEAD_CAN-2004-0940, backported from upstream
     CVS (CAN-2004-0940)

Fixed in Hoary with version apache_1.3.31-6ubuntu1.

Leaving open until the Warty package is published.

Martin Pitt (pitti) wrote :

Created an attachment (id=644)
interdiff to security update -6ubuntu0.2

*sigh* debian/rules has to be patched too to produce a new version of
libapache-mod-perl.

Martin Pitt (pitti) wrote :

security update is published, closing.
