Date: Thu, 21 Jun 2012 22:09:59 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Breno Silva Pinto <BPinto@...stwave.com>,
        Stefan Esser <stefan.esser@...tioneins.de>
Subject: Re: mod_security CVE request

On 06/21/2012 10:03 PM, Kurt Seifried wrote:
> CVE request for mod_security multi-part bypass:
> 
> This issue was partially fixed in 2009 and then corrected
> completely (I hope =) in 2012, so 2 CVEs.
> 
> 2009:
> https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366

Please use CVE-2009-5031 for this issue.

> 2012: commit c5d749a0d809cf24335cd35720d7eac99ba7ea44
> Author: brenosilva <brenosilva@...7d574-64ec-4062-9424-5e00b32a252b>
> Date: Fri Jun 1 20:16:06 2012 +0000
> MODSEC-312
> svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity
> svn diff  -r 1917:1918

Please use CVE-2012-2751 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

