Bug#462458: apache2: SSL renegotiation does not work on POST requests in certain configurations

Package: apache2
Version: 2.2.3-4+etch3
Severity: important

When mod_fastcgi and mod_action are used (for example, to implement PHP4 and PHP5 in the same server), data from POST requests which is buffered during SSL renegotiation is not reinjected correctly through the filter chain. (Technically, anything that causes Apache to do an internal redirect on a POST request under SSL renegotiation can cause this bug to surface.)

This bug was reported upstream as ASF Bugzilla Bug 43738 (<http://issues.apache.org/bugzilla/show_bug.cgi?id=43738>), and has been fixed in the Apache development line and in the 2.2 branch for a future release (Apache SVN revision 608787, <http://svn.apache.org/viewvc?view=rev&revision=608787>).

• System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-xen-amd64 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.2.3-4+etch3 Traditional model for Apache HTTPD

apache2 recommends no packages.

• no debconf information

--

To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Received on Thu Jan 24 18:43:03 2008