On Tue, Jun 04, 2013 at 06:50:50AM +0200, Salvatore Bonaccorso wrote: > Hi Alberto > > On Wed, May 29, 2013 at 09:17:26AM +0200, Salvatore Bonaccorso wrote: > > the following vulnerability was published for modsecurity-apache. > > > > CVE-2013-2765[0]: > > NULL pointer dereference > > > > Upstream patch is at [1], fixed in 2.7.4[2]. > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765 > > http://security-tracker.debian.org/tracker/CVE-2013-2765 > > [1] > > https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba > > [2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES > > > > Please adjust the affected versions in the BTS as needed. > > Did you had a chance to already look at the upload for unstable? Can > you also contact the Stable Release Managers for asking then for the > inclusion in the next point release? (Note that the freeze for the NEW > queue for it is already the coming weekend).
Hi Salvatore, I was the AFK all the weekend, I'm preparing the upload to unstable now, and will contact SRM afterwards. Thanks, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
