Bug#920303: apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#920303: apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 23 Jan 2019 21:32:56 +0100
Message-id: <[🔎] 154827557657.24642.522223034158520162.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 920303@bugs.debian.org

Source: apache2
Version: 2.4.37-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 2.4.25-3+deb9u6
Control: found -1 2.4.25-3

Hi,

The following vulnerability was published for apache2.

CVE-2018-17199[0]:
mod_session_cookie does not respect expiry time

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17199
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
[1] https://www.openwall.com/lists/oss-security/2019/01/22/3

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#920303: marked as done (apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Next by Date: Processed: apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time
Previous by thread: Bug#920302: marked as done (apache2: CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies)
Next by thread: Processed: apache2: CVE-2018-17199: mod_session_cookie does not respect expiry time
Index(es):
- Date
- Thread