Hi Alberto On Wed, May 29, 2013 at 09:17:26AM +0200, Salvatore Bonaccorso wrote: > the following vulnerability was published for modsecurity-apache. > > CVE-2013-2765[0]: > NULL pointer dereference > > Upstream patch is at [1], fixed in 2.7.4[2]. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765 > http://security-tracker.debian.org/tracker/CVE-2013-2765 > [1] > https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba > [2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES > > Please adjust the affected versions in the BTS as needed.
Did you had a chance to already look at the upload for unstable? Can you also contact the Stable Release Managers for asking then for the inclusion in the next point release? (Note that the freeze for the NEW queue for it is already the coming weekend). Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
