I did look at those - the patch for CVE-2009-5031 seems to have been applied already. The link to the patch for CVE-2012-2751 (http://mod- security.svn.sourceforge.net/viewvc/mod- security?view=revision&sortby=log&sortdir=down&revision=1918) appears to be dead, so I haven't been able to tell whether that patch has been applied or not.
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-5031 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2751 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1169030 Title: CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache-mod-security/+bug/1169030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
