Date: Thu, 21 Jun 2012 22:03:37 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Breno Silva Pinto <BPinto@...stwave.com>,
        Stefan Esser <stefan.esser@...tioneins.de>
Subject: mod_security CVE request

CVE request for mod_security multi-part bypass:

This issue was partially fixed in 2009 and then corrected completely
(I hope =) in 2012, so 2 CVEs.

2009:
https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366

2012:
commit c5d749a0d809cf24335cd35720d7eac99ba7ea44
Author: brenosilva <brenosilva@...7d574-64ec-4062-9424-5e00b32a252b>
Date:   Fri Jun 1 20:16:06 2012 +0000
MODSEC-312

svn co https://mod-security.svn.sourceforge.net/svnroot/mod-security/m2/trunk modsecurity
svn diff -r 1917:1918



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
