Package: modsecurity-apache

Package: modsecurity-apache / 2.6.6-6+deb7u2

Package	Version	Patches format
modsecurity-apache	2.6.6-6+deb7u2	3.0 (quilt)

Patch	File delta	Description
CVE 2013 1915.patch \| (download)	apache2/apache2_config.c \| 44 44 + 0 - 0 ! apache2/modsecurity.h \| 3 3 + 0 - 0 ! apache2/msc_xml.c \| 10 10 + 0 - 0 ! 3 files changed, 57 insertions(+)	cve-2013-1915: vulnerable to xxe attacks This upstream patch has been backported to the Wheezy version.
debian_log_dir.patch \| (download)	modsecurity.conf-recommended \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	set correct path to log file
CVE 2012 4528.patch \| (download)	apache2/msc_multipart.c \| 9 7 + 2 - 0 ! apache2/msc_multipart.h \| 1 1 + 0 - 0 ! apache2/re_variables.c \| 24 24 + 0 - 0 ! modsecurity.conf-recommended \| 1 1 + 0 - 0 ! 4 files changed, 33 insertions(+), 2 deletions(-)	---
CVE 2013 2765.patch \| (download)	apache2/msc_reqbody.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
CVE 2013 5705.patch \| (download)	apache2/modsecurity.c \| 2 1 + 1 - 0 ! apache2/msc_util.c \| 18 18 + 0 - 0 ! apache2/msc_util.h \| 2 2 + 0 - 0 ! 3 files changed, 21 insertions(+), 1 deletion(-)	fix bypass of intended rules via chunked requests CVE-2013-5705: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.

Patch	File delta	Description
CVE 2013 1915.patch \| (download)	apache2/apache2_config.c \| 44 44 + 0 - 0 ! apache2/modsecurity.h \| 3 3 + 0 - 0 ! apache2/msc_xml.c \| 10 10 + 0 - 0 ! 3 files changed, 57 insertions(+)	cve-2013-1915: vulnerable to xxe attacks This upstream patch has been backported to the Wheezy version.
debian_log_dir.patch \| (download)	modsecurity.conf-recommended \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	set correct path to log file
CVE 2012 4528.patch \| (download)	apache2/msc_multipart.c \| 9 7 + 2 - 0 ! apache2/msc_multipart.h \| 1 1 + 0 - 0 ! apache2/re_variables.c \| 24 24 + 0 - 0 ! modsecurity.conf-recommended \| 1 1 + 0 - 0 ! 4 files changed, 33 insertions(+), 2 deletions(-)	---
CVE 2013 2765.patch \| (download)	apache2/msc_reqbody.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	---
CVE 2013 5705.patch \| (download)	apache2/modsecurity.c \| 2 1 + 1 - 0 ! apache2/msc_util.c \| 18 18 + 0 - 0 ! apache2/msc_util.h \| 2 2 + 0 - 0 ! 3 files changed, 21 insertions(+), 1 deletion(-)	fix bypass of intended rules via chunked requests CVE-2013-5705: Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.