Package: libapache-mod-security

Package: libapache-mod-security / 2.5.12-1+squeeze4

Package	Version	Patches format
libapache-mod-security	2.5.12-1+squeeze4	3.0 (quilt)

Patch	File delta	Description
CVE 2012 2751.patch \| (download)	apache2/msc_multipart.c \| 45 44 + 1 - 0 ! 1 file changed, 44 insertions(+), 1 deletion(-)	---
CVE 2013 2765.patch \| (download)	apache2/msc_reqbody.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
CVE 2013 1915.patch \| (download)	apache2/apache2_config.c \| 43 43 + 0 - 0 ! apache2/modsecurity.h \| 3 3 + 0 - 0 ! apache2/msc_xml.c \| 10 10 + 0 - 0 ! 3 files changed, 56 insertions(+)	cve-2013-1915: vulnerable to xxe attacks This upstream patch has been backported to the Wheezy version.
CVE 2013 5705.patch \| (download)	apache2/modsecurity.c \| 2 1 + 1 - 0 ! apache2/msc_util.c \| 18 18 + 0 - 0 ! apache2/msc_util.h \| 3 3 + 0 - 0 ! 3 files changed, 22 insertions(+), 1 deletion(-)	fix bypass of intended rules via chunked requests CVE-2013-5705: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.

Patch	File delta	Description
CVE 2012 2751.patch \| (download)	apache2/msc_multipart.c \| 45 44 + 1 - 0 ! 1 file changed, 44 insertions(+), 1 deletion(-)	---
CVE 2013 2765.patch \| (download)	apache2/msc_reqbody.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
CVE 2013 1915.patch \| (download)	apache2/apache2_config.c \| 43 43 + 0 - 0 ! apache2/modsecurity.h \| 3 3 + 0 - 0 ! apache2/msc_xml.c \| 10 10 + 0 - 0 ! 3 files changed, 56 insertions(+)	cve-2013-1915: vulnerable to xxe attacks This upstream patch has been backported to the Wheezy version.
CVE 2013 5705.patch \| (download)	apache2/modsecurity.c \| 2 1 + 1 - 0 ! apache2/msc_util.c \| 18 18 + 0 - 0 ! apache2/msc_util.h \| 3 3 + 0 - 0 ! 3 files changed, 22 insertions(+), 1 deletion(-)	fix bypass of intended rules via chunked requests CVE-2013-5705: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.