Debian Bug report logs - #354060
CVE-2006-0042: Quadratic Behavior Denial of Service Vulnerability

Package: libapache2-request-perl; Maintainer for libapache2-request-perl is Steinar H. Gunderson <sesse@debian.org>; Source for libapache2-request-perl is src:libapreq2.

Reported by: Geoff Crompton <geoff.crompton@strategicdata.com.au>

Date: Thu, 23 Feb 2006 00:33:02 UTC

Severity: important

Tags: fixed

Fixed in version libapreq2/2.07-1

Done: Steinar H. Gunderson <sesse@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, sesse@debian.org (Steinar H. Gunderson):
Bug#354060; Package libapache2-request-perl.

Acknowledgement sent to Geoff Crompton <geoff.crompton@strategicdata.com.au>:
New Bug report received and forwarded. Copy sent to sesse@debian.org (Steinar H. Gunderson).

Message #5 received at submit@bugs.debian.org:

From: Geoff Crompton <geoff.crompton@strategicdata.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-0042: Quadratic Behavior Denial of Service Vulnerability
Date: Thu, 23 Feb 2006 11:28:54 +1100
Package: libapache2-request-perl
Severity: important

Seen at http://www.securityfocus.com/bid/16710. Version 2.0.7 has a fix.

changelog from http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup says:

- C API [joes]
  SECURITY: CVE-2006-0042 (cve.mitre.org)
  Eliminate potential quadratic behavior in apreq_parse_headers() and
  apreq_parse_urlencoded().


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)



Information forwarded to debian-bugs-dist@lists.debian.org, sesse@debian.org (Steinar H. Gunderson):
Bug#354060; Package libapache2-request-perl.

Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to sesse@debian.org (Steinar H. Gunderson).

Message #10 received at 354060@bugs.debian.org:

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Geoff Crompton <geoff.crompton@strategicdata.com.au>, 354060@bugs.debian.org
Subject: Re: Bug#354060: CVE-2006-0042: Quadratic Behavior Denial of Service Vulnerability
Date: Thu, 23 Feb 2006 02:16:20 +0100

On Thu, Feb 23, 2006 at 11:28:54AM +1100, Geoff Crompton wrote:
> Seen at http://www.securityfocus.com/bid/16710. Version 2.0.7 has a fix.

Thanks. Do you know if the issue affects 2.04 as well? (I'd assume it does,
so we'd need a fix for stable as well...)

/* Steinar */
-- 
Homepage: http://www.sesse.net/



Tags added: fixed. Request was from sesse@debian.org (Steinar H. Gunderson) to control@bugs.debian.org.

Bug marked as fixed in version 2.07-1, send any further explanations to Geoff Crompton <geoff.crompton@strategicdata.com.au>. Request was from Steinar H. Gunderson <sesse@debian.org> to control@bugs.debian.org. (Sun, 20 May 2007 09:33:02 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 02:31:56 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 08:27:49 2014; Machine Name: beach.debian.org
