Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 64804
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Paul Querna <pquerna@apache.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
00_satisfy_merge.patch net-www/apache/files/patches/2.0.51-r1/00_satisfy_merge.patch patch Paul Querna 2004-09-20 15:52 0000 742 bytes Details | Diff
apache-2.0.51-r1.ebuild apache-2.0.51-r1.ebuild text/plain Paul Querna 2004-09-20 15:59 0000 12.58 KB Details
apache-2.0.51-r1.patch Patch for 2.0.51 -> r1 patch Paul Querna 2004-09-20 16:13 0000 731 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 64804 depends on: Show dependency tree
Bug 64804 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-09-20 15:49 0000 
CAN-2004-0811

Fix merging of the Satisfy directive, which was applied to 
the surrounding context and could allow access despite configured
authentication.

Fixed in Apache CVS:
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.285&r2=1.286

Apache PR #31315:
http://issues.apache.org/bugzilla/show_bug.cgi?id=31315

Updated Apache-2.0.51 ebuild coming in a minute.

------- Comment #1 From Paul Querna 2004-09-20 15:52:43 0000 ------- 
Created an attachment (id=40040) [details]
net-www/apache/files/patches/2.0.51-r1/00_satisfy_merge.patch

Fixes Merging of Satisfy Directives.

------- Comment #2 From Paul Querna 2004-09-20 15:59:03 0000 ------- 
Created an attachment (id=40041) [details]
apache-2.0.51-r1.ebuild

Applies supplied patch fixing bug.

------- Comment #3 From Paul Querna 2004-09-20 16:13:27 0000 ------- 
Created an attachment (id=40043) [details]
Patch for 2.0.51 -> r1

Added a patch for the ebuild, instead of the full thing...

------- Comment #4 From Stuart Herbert (RETIRED) 2004-09-21 02:34:12 0000 ------- 
Apache 2.0.51-r1 is in the tree, and ready for testing on all arches.

Best regards,
Stu

------- Comment #5 From Matthias Geerdsen 2004-09-21 02:56:40 0000 ------- 
arches, please mark stable:

current KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"

------- Comment #6 From Jochen Maes (RETIRED) 2004-09-21 06:54:08 0000 ------- 
stable on ppc

------- Comment #7 From Gustavo Zacarias (RETIRED) 2004-09-21 07:39:19 0000 ------- 
Sparc stable.

------- Comment #8 From SpanKY 2004-09-21 08:46:09 0000 ------- 
amd64/arm/hppa/ia64 stable now

------- Comment #9 From Joshua Kinard 2004-09-22 00:34:38 0000 ------- 
Stable on mips.

------- Comment #10 From Bryan Østergaard (RETIRED) 2004-09-22 02:59:33 0000 ------- 
Stable on alpha.

------- Comment #11 From Thierry Carrez (RETIRED) 2004-09-22 08:24:29 0000 ------- 
Reassigning product/component

------- Comment #12 From Olivier Crete 2004-09-23 15:06:55 0000 ------- 
Stable on x86

------- Comment #13 From Dan Margolis (RETIRED) 2004-09-23 22:04:07 0000 ------- 
GLSA 200409-33

------- Comment #14 From Dan Margolis (RETIRED) 2004-10-06 12:42:42 0000 ------- 
*** Bug 66551 has been marked as a duplicate of this bug. ***

------- Comment #15 From Tom Gall 2004-10-09 11:52:27 0000 ------- 
done via superceded 2.0.52 which is marked stable on ppc64
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug