On Wed, Aug 22, 2012 at 11:57:59AM +0200, Thijs Kinkhorst wrote:
> Debian Security Advisory DSA-2532-1 security@debian.org
> Package : libapache2-mod-rpaf
> Debian-specific: no

I think it should be marked as Debian-specific. Please see the removed tag upstream for #683984. Outside of Debian an exploit is still possible, for example, due to some broken third-party stuff (ex. authz_host_module) using garbage in r->connection->remote_ip, modified by this module. It's a potential problem, of course.

> through a single crafted request with many headers.

with a specifically crafted X-Forwarded-For header.