[DLA 34-1] libapache-mod-security security update

To: debian-lts-announce@lists.debian.org
Subject: [DLA 34-1] libapache-mod-security security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 9 Aug 2014 15:56:43 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.64.1408091554170.26553@tor.gallien.in-chemnitz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : libapache-mod-security
Version        : 2.5.12-1+squeeze4
CVE ID         : CVE-2013-5705

Martin Holst Swende discovered a flaw in the way mod_security handledchunked requests. A remote attacker could use this flaw to bypassintended mod_security restrictions, allowing them to send requestscontaining content that should have been removed by mod_security.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFT5iid02K2KlS5mJARAiHrAKCOkaHxyQTImX8pEY2W9P/VilEi2gCfdXuM
Z2RhzE8r7VLGtOyBxWVCYbI=
=0puD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [DLA 33-1] openssl security update
Next by Date: [DLA 35-1] lzo2 security update
Previous by thread: [DLA 33-1] openssl security update
Next by thread: [DLA 35-1] lzo2 security update
Index(es):
- Date
- Thread