![]() |
|
Date: Thu, 21 Jun 2012 22:03:37 -0600 From: Kurt Seifried <kseifried@...hat.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, Breno Silva Pinto <BPinto@...stwave.com>, Stefan Esser <stefan.esser@...tioneins.de> Subject: mod_security CVE request -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE request for mod_security multi-part bypass: This issue was partially fixed in 2009 and then corrected completely (I hope =) in 2012, so 2 CVE's. 2009: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366 2012: commit c5d749a0d809cf24335cd35720d7eac99ba7ea44 Author: brenosilva <brenosilva@...7d574-64ec-4062-9424-5e00b32a252b> Date: Fri Jun 1 20:16:06 2012 +0000 MODSEC-312 svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity svn diff -r 1917:1918 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP4+6VAAoJEBYNRVNeJnmTc2IQAN1Ti27MyN7LXfOr+nV3Mt0J R81ZwVMDIn0leHUzuFkquXU95aZ181MmmGY50R3ndJ2s0byHWRhog91V9Asi+9C/ 0eQ1+GXdSfNc0eFqZAgIxBUdSnfvdB2f4rjwEXJATtzW8GuWNvxkvKAyRgH17JSm NoxG6230J9DYT1kSqfKcBZyQpDowewzLRvZ2oMGOD0NeZVh0zzCX9NWVy6/U0jfj wZv7Ijgh8yrgP5XodX3jkC76SW8Sx+2HQsJwqHkLDzmEXnGx54itcTR0KJQlVAm9 DcB4ci/6jXd4yigkaS6GHlov2M0bb65DXvdMJVnS4BBLZeWpD7oAzSHQjw2lOLzz qeFTOPb7zvbC2z9vseEzqK8N/W6ZAKKal8Jqa9458UUiH0SCNfkRv3LVqsrrm2xS Jkkjdtu3WhQvcqCRL6TgCN/FGGldmN8Pj0VnN1SxXsF+URiipbZhD5vabs1GL950 U31Ow9KevKw+FGxGH0DwXC9s1rMpXamK8Tl1stPYd4gaJy5l728u4yHnEJWfmNFu u0vZ/B5ujqdzWNal2pYCE1NtPRe2vfWcuoRzzhxtvz6bFst/s87M7v+mOliomeQF QjdPyRoIwEmb+ckz3qxvW+r48UJhVy3OHy23+ZbIbg51MfslBTLlZqYqA5ohN3Ao JsjNCtSkWMjR55K2vMdi =5gNG -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.