Debian Bug report logs -
#327210
apache2: CAN-2005-2700
Reported by: Juergen Kreileder <jk@blackdown.de>
Date: Thu, 8 Sep 2005 12:03:04 UTC
Severity: critical
Tags: fixed-upstream, security
Found in version apache2/2.0.54-4
Fixed in version apache2/2.0.54-5
Done: Joey Hess <joeyh@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Juergen Kreileder <jk@blackdown.de>, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#327210; Package apache2.
(full text, mbox, link).
Acknowledgement sent to Juergen Kreileder <jk@blackdown.de>:
New Bug report received and forwarded. Copy sent to Juergen Kreileder <jk@blackdown.de>, Debian Apache Maintainers <debian-apache@lists.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: apache2
Version: 2.0.54-4
Severity: critical
Tags: security, fixed-upstream
See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
,----
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using
| "SSLVerifyClient optional" in the global virtual host configuration,
| does not properly enforce "SSLVerifyClient require" in a per-location
| context, which allows remote attackers to bypass intended access
| restrictions.
`----
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#327210; Package apache2.
(full text, mbox, link).
Acknowledgement sent to Adam Conrad <adconrad@0c3.net>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(full text, mbox, link).
Message #10 received at 327210@bugs.debian.org (full text, mbox, reply):
Juergen Kreileder wrote:
> Package: apache2
> Version: 2.0.54-4
> Severity: critical
> Tags: security, fixed-upstream
>
> See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
An update is already in the works for this.
... Adam
Reply sent to Adam Conrad <adconrad@0c3.net>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Juergen Kreileder <jk@blackdown.de>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #15 received at 327210-done@bugs.debian.org (full text, mbox, reply):
The update has been released, as 2.0.54-5, so closing this bug.
... Adam
Bug marked as fixed in version 2.0.54-5, send any further explanations to Juergen Kreileder <jk@blackdown.de>
Request was from Joey Hess <joeyh@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 24 Jun 2007 13:54:11 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Aug 14 22:47:09 2018;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.