enterprise-support team mailing list archive

Thread
Date

[Bug 1188069] Re: apache2 mod_rewrite CVE 2013-1862

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1188069@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jul 2013 12:43:15 -0000
Reply-to: Bug 1188069 <1188069@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apache2 - 2.2.14-5ubuntu8.12

---------------
apache2 (2.2.14-5ubuntu8.12) lucid-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.dpatch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.dpatch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Fri, 12 Jul 2013 09:00:34 -0400

** Changed in: apache2 (Ubuntu Lucid)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1896

** Changed in: apache2 (Ubuntu Quantal)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1188069

Title:
  apache2 mod_rewrite CVE 2013-1862

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1188069/+subscriptions