Your message dated Thu, 06 Jun 2013 19:32:23 +0000
with message-id <[email protected]>
and subject line Bug#710217: fixed in libapache-mod-security 2.5.12-1+squeeze3
has caused the Debian Bug report #710217,
regarding modsecurity-apache: CVE-2013-2765: NULL pointer dereference
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
710217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710217
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: modsecurity-apache
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for modsecurity-apache.
CVE-2013-2765[0]:
NULL pointer dereference
Upstream patch is at [1], fixed in 2.7.4[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765
http://security-tracker.debian.org/tracker/CVE-2013-2765
[1]
https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
[2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libapache-mod-security
Source-Version: 2.5.12-1+squeeze3
We believe that the bug you reported is fixed in the latest version of
libapache-mod-security, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <[email protected]> (supplier of updated
libapache-mod-security package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 04 Jun 2013 10:14:45 +0000
Source: libapache-mod-security
Binary: libapache-mod-security mod-security-common
Architecture: source all amd64
Version: 2.5.12-1+squeeze3
Distribution: squeeze
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <[email protected]>
Changed-By: Alberto Gonzalez Iniesta <[email protected]>
Description:
libapache-mod-security - Tighten web applications security for Apache
mod-security-common - Tighten web applications security - common files
Closes: 710217
Changes:
libapache-mod-security (2.5.12-1+squeeze3) squeeze; urgency=low
.
* Applied upstream patch to fix NULL pointer dereference.
CVE-2013-2765. (Closes: #710217)
Checksums-Sha1:
c02fcdb627b98b5a4f15a7e23362092afdc7e69b 1923
libapache-mod-security_2.5.12-1+squeeze3.dsc
eb2068e5d31525fa53769dabd1a1c65896fd4e76 1392209
libapache-mod-security_2.5.12.orig.tar.gz
eadf51d57f13f9cf37c012aa7812c37f6137a59b 10946
libapache-mod-security_2.5.12-1+squeeze3.debian.tar.gz
0ae1b1e91963ff502e81731b6064db02fb7c5cfb 959788
mod-security-common_2.5.12-1+squeeze3_all.deb
0ee7717da678a00b6097605c20d7ae30aff80244 122804
libapache-mod-security_2.5.12-1+squeeze3_amd64.deb
Checksums-Sha256:
36c9e48a81fc7b9e02e2a5d3e551e92e514b16bde216450aad89fcf5e4dc2175 1923
libapache-mod-security_2.5.12-1+squeeze3.dsc
168bb6591a0f9665169e0ed223a00d63a1c87e11d1e56388abcf431f30efaa84 1392209
libapache-mod-security_2.5.12.orig.tar.gz
a00247fb963c8962f4fc7fc8f821e4b0a169381422081e2c7682cf84c3099b22 10946
libapache-mod-security_2.5.12-1+squeeze3.debian.tar.gz
b344af0d441e9a154e241f5596e85a0b649b3db760f676c42e565befae992d1c 959788
mod-security-common_2.5.12-1+squeeze3_all.deb
2ea910dc31638b9fa7d3ba3dc5b5b09f0bcf7815a0b1eb90bc9711bc137135ec 122804
libapache-mod-security_2.5.12-1+squeeze3_amd64.deb
Files:
87202487f73f22e93ae998b6c5e8df95 1923 httpd optional
libapache-mod-security_2.5.12-1+squeeze3.dsc
f7d14b97bbe54ecb953125b0f9b87a24 1392209 httpd optional
libapache-mod-security_2.5.12.orig.tar.gz
052554b0ea1a44e80052f15e29f1388f 10946 httpd optional
libapache-mod-security_2.5.12-1+squeeze3.debian.tar.gz
c4f30996a9af73dad1be5afc88204992 959788 httpd optional
mod-security-common_2.5.12-1+squeeze3_all.deb
e53506c735fd6ebeb2d7ed549d5df450 122804 httpd optional
libapache-mod-security_2.5.12-1+squeeze3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRsKE4AAoJEACbM3VrmqpVtu0P/jFzBpE8ey9AzLUaw0lNCel6
eWZRVK3pcomVMaluBbLmS3ydS1a+k8RAw36TOin4tG3LxmzSy3DNRck1d8XCt/E0
+FieC+uJC+4K0cLZYUvLgUUw3fEZ13WKDSuSg6nyfMXhfdZ/p/jkhkfL7rWlrDCg
wz4lE6xg6OWPxGI70YdDGH1BvtMlLe341dukZBLLGrcIDb3GJM1rBTA10KGkxkFW
whXIsXFhpXWmLldnKfl9hoyyTr9R/UsqyRQrijCL0a4dLzxa/iGDmAzClA6XMo7v
hVsR3p5Ft9nv+xAuQXv954EHYMwNQBKI6xP57nJb0OANb4oPxz6Zn0HQFuzy2GTp
AM+ABnkrreewxwxW96am/PUv6iLphdIWiCLXwGtZn5tLl3Wowt1Iffbcu9XZbKz7
yGUhLG/8IrKXFUXlGB1E55PDVf4IIWb52YEhuMB13C4mVJ4po0mcTEmtY5k+EMBj
gxrhPHaiVHjlw3p28jjV0djjvZgoLNKItzSfTi3LgJF/LG9ccmdsoG8rl4ULBP/6
/7Gi5QnJ9EN1m8fBaO/9vPxrIT5ljD2f6I5wYFwN9UuGWXsG2Xx3qyWuD7zn33uh
zw9BegVcrpsI4PTsMc8p9SxNj76MwgKChYszZSUne8IjpuUwzP3sWEIZt5ZwWnVd
PqNmOTjHHsZrXEqRLo9v
=8b6i
-----END PGP SIGNATURE-----
--- End Message ---
