Date: Thu, 21 Jun 2012 22:03:37 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Breno Silva Pinto <BPinto@...stwave.com>,
        Stefan Esser <stefan.esser@...tioneins.de>
Subject: mod_security CVE request

CVE request for mod_security multi-part bypass:

This issue was partially fixed in 2009 and then corrected completely
(I hope =) in 2012, so 2 CVEs.

2009:
https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366

2012: commit c5d749a0d809cf24335cd35720d7eac99ba7ea44
Author: brenosilva <brenosilva@...7d574-64ec-4062-9424-5e00b32a252b>
Date:   Fri Jun 1 20:16:06 2012 +0000
MODSEC-312
svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity
svn diff -r 1917:1918



-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

