Bug#734447: opu: package apache2/2.2.16-6+squeeze11 - CVE-2013-1862
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: opu
CVE-2013-1862 is a low impact security bug. It should be fixed via opu.
Apache maintainers: Do you want to handle this yourself?
Bastian
diff -u apache2-2.2.16/debian/changelog apache2-2.2.16/debian/changelog
--- apache2-2.2.16/debian/changelog
+++ apache2-2.2.16/debian/changelog
@@ -1,3 +1,11 @@
+apache2 (2.2.16-6+squeeze11.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Properly escape data written to rewrite log.
+ CVE-2013-1862
+
+ -- Bastian Blank <bastian.blank@credativ.de> Tue, 07 Jan 2014 09:48:07 +0000
+
apache2 (2.2.16-6+squeeze11) squeeze-security; urgency=high
* CVE-2013-1048: Fix symlink vulnerability when creating /var/lock/apache2
diff -u apache2-2.2.16/debian/patches/00list apache2-2.2.16/debian/patches/00list
--- apache2-2.2.16/debian/patches/00list
+++ apache2-2.2.16/debian/patches/00list
@@ -48,0 +49 @@
+303_CVE-2013-1862.dpatch
only in patch2:
unchanged:
--- apache2-2.2.16.orig/debian/patches/303_CVE-2013-1862.dpatch
+++ apache2-2.2.16/debian/patches/303_CVE-2013-1862.dpatch
@@ -0,0 +1,33 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## DP: *) SECURITY: CVE-2013-1862 (cve.mitre.org)
+## DP: mod_rewrite: Ensure that client data written to the RewriteLog is
+## DP: escaped to prevent terminal escape sequences from entering the
+## DP: log file. [Joe Orton]
+@DPATCH@
+--- a/modules/mappers/mod_rewrite.c (revision 1469310)
++++ b/modules/mappers/mod_rewrite.c (working copy)
+@@ -500,11 +500,11 @@
+
+ logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
+ "(%d) %s%s%s%s" APR_EOL_STR,
+- rhost ? rhost : "UNKNOWN-HOST",
+- rname ? rname : "-",
+- r->user ? (*r->user ? r->user : "\"\"") : "-",
++ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
++ rname ? ap_escape_logitem(r->pool, rname) : "-",
++ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
+ current_logtime(r),
+- ap_get_server_name(r),
++ ap_escape_logitem(r->pool, ap_get_server_name(r)),
+ (void *)(r->server),
+ (void *)r,
+ r->main ? "subreq" : "initial",
+@@ -514,7 +514,7 @@
+ perdir ? "[perdir " : "",
+ perdir ? perdir : "",
+ perdir ? "] ": "",
+- text);
++ ap_escape_logitem(r->pool, text));
+
+ nbytes = strlen(logline);
+ apr_file_write(conf->rewritelogfp, logline, &nbytes);
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: