Package: apache2 Version: 2.2.3-4+etch6 Severity: serious Tags: security , patch
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for apache2. CVE-2009-1890[0]: | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy | module in the Apache HTTP Server before 2.3.3, when a reverse proxy is | configured, does not properly handle an amount of streamed data that | exceeds the Content-Length value, which allows remote attackers to | cause a denial of service (CPU consumption) via crafted requests. Patches are available [0]. Please coordinate with the security team to prepare updates for the stable releases. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://security-tracker.debian.net/tracker/CVE-2009-1890 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
