| { |
| "id": 25, |
| "mailboxId": "18", |
| "modSeq": 42, |
| "size": 25, |
| "date": "2015-06-07T00:00:00+0200", |
| "mediaType": "plain", |
| "subtype": "text", |
| "userFlags": [ |
| "security", |
| "debian" |
| ], |
| "headers": { |
| "date": [ |
| "Wed, 03 Jun 2015 19:14:32 +0000" |
| ], |
| "resent-from": [ |
| "debian-security-announce@lists.debian.org" |
| ], |
| "return-path": [ |
| "<bounce-debian-security-announce=benwa=minet.net@lists.debian.org>" |
| ], |
| "subject": [ |
| "[SECURITY] [DSA 3278-1] libapache-mod-jk security update" |
| ], |
| "x-debian": [ |
| "PGP check passed for security officers" |
| ], |
| "x-spam-score": [ |
| "-1.51" |
| ], |
| "list-subscribe": [ |
| "<mailto:debian-security-announce-request@lists.debian.org?subject=subscribe>" |
| ], |
| "precedence": [ |
| "list" |
| ], |
| "x-sieve": [ |
| "CMU Sieve 2.4" |
| ], |
| "list-help": [ |
| "<mailto:debian-security-announce-request@lists.debian.org?subject=help>" |
| ], |
| "received-spf": [ |
| "None (no SPF record) identity=mailfrom; client-ip=82.195.75.100; helo=bendel.debian.org; envelope-from=bounce-debian-security-announce=benwa=minet.net@lists.debian.org; receiver=benwa@minet.net" |
| ], |
| "x-mailing-list": [ |
| "<debian-security-announce@lists.debian.org> archive/latest/2089" |
| ], |
| "x-spam-level": [ |
| "" |
| ], |
| "message-id": [ |
| "<E1Z0E7U-0004Bc-Jv@master.debian.org>" |
| ], |
| "resent-message-id": [ |
| "<Aqb4x1ejWlF.A.ltC.qI1bVB@bendel>" |
| ], |
| "from": [ |
| "Markus Koschany <apo@gambaru.de>" |
| ], |
| "reply-to": [ |
| "debian-security@lists.debian.org" |
| ], |
| "resent-date": [ |
| "Wed, 3 Jun 2015 19:14:50 +0000 (UTC)" |
| ], |
| "x-spam-flag": [ |
| "NO" |
| ], |
| "x-rc-spam": [ |
| "2008-11-04_01" |
| ], |
| "list-unsubscribe": [ |
| "<mailto:debian-security-announce-request@lists.debian.org?subject=unsubscribe>" |
| ], |
| "list-post": [ |
| "<mailto:debian-security-announce@lists.debian.org>" |
| ], |
| "received": [ |
| "from mx2.minet.net (mx2.minet.net [192.168.102.26])\t by imap (Cyrus v2.4.16-Debian-2.4.16-4+deb7u1) with LMTPA;\t Wed, 03 Jun 2015 21:19:59 +0200", |
| "from localhost (spam.minet.net [192.168.102.97])\tby mx2.minet.net (Postfix) with ESMTP id 8A9DAA27DA1\tfor <benwa@minet.net>; Wed, 3 Jun 2015 21:20:03 +0200 (CEST)", |
| "from mx2.minet.net ([IPv6:::ffff:192.168.102.26])\tby localhost (spam.minet.net [::ffff:192.168.102.97]) (amavisd-new, port 10024)\twith ESMTP id cF6J0AAnzsTX for <benwa@minet.net>;\tWed, 3 Jun 2015 19:20:02 +0000 (UTC)", |
| "from bendel.debian.org (bendel.debian.org [82.195.75.100])\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\t(No client certificate requested)\tby mx2.minet.net (Postfix) with ESMTPS id 7F69FA27D98\tfor <benwa@minet.net>; Wed, 3 Jun 2015 21:20:01 +0200 (CEST)", |
| "from localhost (localhost [127.0.0.1])\tby bendel.debian.org (Postfix) with QMQP\tid 1C2F6275; Wed, 3 Jun 2015 19:14:50 +0000 (UTC)", |
| "from localhost (localhost [127.0.0.1])\tby bendel.debian.org (Postfix) with ESMTP id 7EFBF228\tfor <lists-debian-security-announce@bendel.debian.org>; Wed, 3 Jun 2015 19:14:39 +0000 (UTC)", |
| "from bendel.debian.org ([127.0.0.1])\tby localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)\twith ESMTP id RiKdt2PVwXOm\tfor <lists-debian-security-announce@bendel.debian.org>;\tWed, 3 Jun 2015 19:14:34 +0000 (UTC)", |
| "from master.debian.org (master.debian.org [IPv6:2001:41b8:202:deb:216:36ff:fe40:4001])\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\t(Client CN \"master.debian.org\", Issuer \"Debian SMTP CA\" (not verified))\tby bendel.debian.org (Postfix) with ESMTPS id ABE761B7\tfor <debian-security-announce@lists.debian.org>; Wed, 3 Jun 2015 19:14:34 +0000 (UTC)", |
| "from carnil by master.debian.org with local (Exim 4.84)\t(envelope-from <carnil@master.debian.org>)\tid 1Z0E7U-0004Bc-Jv\tfor debian-security-announce@lists.debian.org; Wed, 03 Jun 2015 19:14:32 +0000" |
| ], |
| "x-rc-virus": [ |
| "2007-09-13_01" |
| ], |
| "x-loop": [ |
| "debian-security-announce@lists.debian.org" |
| ], |
| "priority": [ |
| "urgent" |
| ], |
| "x-virus-scanned": [ |
| "by amavisd-new using ClamAV at minet.net" |
| ], |
| "x-spam-status": [ |
| "No, score=-1.51 required=1 tests=[BAYES_00=-1.5,\tT_RP_MATCHES_RCVD=-0.01] autolearn=unavailable" |
| ], |
| "delivered-to": [ |
| "lists-debian-security-announce@bendel.debian.org" |
| ], |
| "x-amavis-spam-status": [ |
| "No, score=-8.99 tagged_above=-10000 required=5.3\ttests=[BAYES_00=-2, DIGITS_LETTERS=1, FVGT_m_MULTI_ODD=0.02,\tLDO_WHITELIST=-5, OUR_MTA_MSGID=2, PGPSIGNATURE=-5,\tT_RP_MATCHES_RCVD=-0.01] autolearn=ham" |
| ], |
| "resent-sender": [ |
| "debian-security-announce-request@lists.debian.org" |
| ], |
| "x-original-to": [ |
| "lists-debian-security-announce@bendel.debian.org" |
| ], |
| "to": [ |
| "debian-security-announce@lists.debian.org" |
| ], |
| "list-id": [ |
| "<debian-security-announce.lists.debian.org>" |
| ], |
| "old-return-path": [ |
| "<carnil@master.debian.org>" |
| ] |
| }, |
| "from": [ |
| { |
| "name": "Markus Koschany", |
| "address": "apo@gambaru.de" |
| } |
| ], |
| "to": [ |
| { |
| "name": "debian-security-announce@lists.debian.org", |
| "address": "debian-security-announce@lists.debian.org" |
| } |
| ], |
| "cc": [], |
| "bcc": [], |
| "replyTo": [{"name":"debian-security@lists.debian.org","address":"debian-security@lists.debian.org"}], |
| "subject": [ |
| "[SECURITY] [DSA 3278-1] libapache-mod-jk security update" |
| ], |
| "sentDate": "2015-06-03T19:14:32+0000", |
| "properties": [ |
| { |
| "namespace": "http://james.apache.org/rfc2045/Content-Type", |
| "localName": "type", |
| "value": "plain" |
| }, |
| { |
| "namespace": "http://james.apache.org/rfc2045/Content-Type", |
| "localName": "subtype", |
| "value": "text" |
| }, |
| { |
| "namespace": "http://james.apache.org/rfc2045", |
| "localName": "Content-Description", |
| "value": "An e-mail" |
| } |
| ], |
| "attachments": [], |
| "textBody": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3278-1 security@debian.org\r\nhttp://www.debian.org/security/ Markus Koschany\r\nJune 03, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libapache-mod-jk\r\nCVE ID : CVE-2014-8111\r\nDebian Bug : 783233\r\n\r\nAn information disclosure flaw due to incorrect JkMount/JkUnmount\r\ndirectives processing was found in the Apache 2 module mod_jk to forward\r\nrequests from the Apache web server to Tomcat. A JkUnmount rule for a\r\nsubtree of a previous JkMount rule could be ignored. This could allow a\r\nremote attacker to potentially access a private artifact in a tree that\r\nwould otherwise not be accessible to them.\r\n\r\nFor the oldstable distribution (wheezy), this problem has been fixed\r\nin version 1:1.2.37-1+deb7u1.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 1:1.2.37-4+deb8u1.\r\n\r\nFor the testing distribution (stretch), this problem has been fixed\r\nin version 1:1.2.40+svn150520-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1:1.2.40+svn150520-1.\r\n\r\nWe recommend that you upgrade your libapache-mod-jk packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJVb0AhAAoJEAVMuPMTQ89Ef+gP/1e6ZRHna5rrHYiaclwnWg8Y\r\nYHIjWwqfsnldjqfTirrBtf9TlLZrqIUHhaeaA0PEbzvzqVfh5QToOvvMeFHqXLS2\r\n4eSmUtc3hb5BQlSvPsuP5RzeDYPy0S2zRaJlQ6dKSXmxb3Zh1drjxUg9kzpEGU9v\r\nykwDIRO7w+YpfcNqoxldgL0JOngMa9Qhl/wSwLV559wrESiSp2QifN/JZz2YRvsp\r\nXeZvCHV5dHYJLfCOn3bQ6QRf0votEFObrW2T14noo/Srxv1n+4sstql7bCDbKW8c\r\nO3SrlEk7HX5N4qPlG8Jo288NH1gqxXbuJ9SqF1MlIJsYE2UWT2nydfHVM1vMH23+\r\nSpfd51SfmrK2GSOg2tna29BDGInDZ0Tud+GqsTKMMICgtg7SCK4FIrZYhhFFompG\r\nli9h7DE96Cbv6J5a8JSIYg/kyzFOO8VcYakOUOJ2Oyo8Tv2a6GJLF9azjsThE7bv\r\nLBUWbk2cOsd98BYtsUwFKJhqQLBvRCYnw85/WbC8EDmkbyrxIKf0uaF1e6vc9qV9\r\n4OKmIgbNageXDzrfnc9PrwZ05xPiPhFJUk3Bu3XzosMzqU7XBPhtjkvPGJGcMv9g\r\ncCepn+vtFQFBR612a4Gm16XN068zbnBR8VHx3PRNIVkPyhoxR55RdFtwPL7FCHX0\r\nXVZyRUFDwW4cMiJnJ49U\r\n=M39D\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n--\r\nTo UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org\r\nwith a subject of \"unsubscribe\". Trouble? Contact listmaster@lists.debian.org\r\nArchive: https://lists.debian.org/E1Z0E7U-0004Bc-Jv@master.debian.org", |
| "htmlBody": null, |
| "isDeleted": true, |
| "isDraft": false, |
| "isAnswered": false, |
| "isFlagged": false, |
| "isRecent": false, |
| "hasAttachment": false, |
| "isUnread": false, |
| "users": [ |
| "username" |
| ], |
| "text": "Markus Koschany apo@gambaru.de debian-security-announce@lists.debian.org debian-security-announce@lists.debian.org [SECURITY] [DSA 3278-1] libapache-mod-jk security update -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3278-1 security@debian.org\r\nhttp://www.debian.org/security/ Markus Koschany\r\nJune 03, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libapache-mod-jk\r\nCVE ID : CVE-2014-8111\r\nDebian Bug : 783233\r\n\r\nAn information disclosure flaw due to incorrect JkMount/JkUnmount\r\ndirectives processing was found in the Apache 2 module mod_jk to forward\r\nrequests from the Apache web server to Tomcat. A JkUnmount rule for a\r\nsubtree of a previous JkMount rule could be ignored. This could allow a\r\nremote attacker to potentially access a private artifact in a tree that\r\nwould otherwise not be accessible to them.\r\n\r\nFor the oldstable distribution (wheezy), this problem has been fixed\r\nin version 1:1.2.37-1+deb7u1.\r\n\r\nFor the stable distribution (jessie), this problem has been fixed in\r\nversion 1:1.2.37-4+deb8u1.\r\n\r\nFor the testing distribution (stretch), this problem has been fixed\r\nin version 1:1.2.40+svn150520-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1:1.2.40+svn150520-1.\r\n\r\nWe recommend that you upgrade your libapache-mod-jk packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJVb0AhAAoJEAVMuPMTQ89Ef+gP/1e6ZRHna5rrHYiaclwnWg8Y\r\nYHIjWwqfsnldjqfTirrBtf9TlLZrqIUHhaeaA0PEbzvzqVfh5QToOvvMeFHqXLS2\r\n4eSmUtc3hb5BQlSvPsuP5RzeDYPy0S2zRaJlQ6dKSXmxb3Zh1drjxUg9kzpEGU9v\r\nykwDIRO7w+YpfcNqoxldgL0JOngMa9Qhl/wSwLV559wrESiSp2QifN/JZz2YRvsp\r\nXeZvCHV5dHYJLfCOn3bQ6QRf0votEFObrW2T14noo/Srxv1n+4sstql7bCDbKW8c\r\nO3SrlEk7HX5N4qPlG8Jo288NH1gqxXbuJ9SqF1MlIJsYE2UWT2nydfHVM1vMH23+\r\nSpfd51SfmrK2GSOg2tna29BDGInDZ0Tud+GqsTKMMICgtg7SCK4FIrZYhhFFompG\r\nli9h7DE96Cbv6J5a8JSIYg/kyzFOO8VcYakOUOJ2Oyo8Tv2a6GJLF9azjsThE7bv\r\nLBUWbk2cOsd98BYtsUwFKJhqQLBvRCYnw85/WbC8EDmkbyrxIKf0uaF1e6vc9qV9\r\n4OKmIgbNageXDzrfnc9PrwZ05xPiPhFJUk3Bu3XzosMzqU7XBPhtjkvPGJGcMv9g\r\ncCepn+vtFQFBR612a4Gm16XN068zbnBR8VHx3PRNIVkPyhoxR55RdFtwPL7FCHX0\r\nXVZyRUFDwW4cMiJnJ49U\r\n=M39D\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n--\r\nTo UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org\r\nwith a subject of \"unsubscribe\". Trouble? Contact listmaster@lists.debian.org\r\nArchive: https://lists.debian.org/E1Z0E7U-0004Bc-Jv@master.debian.org" |
| } |