Your message dated Tue, 04 Jun 2013 07:48:10 +0000 with message-id <e1ujlyu-0000fm...@franck.debian.org> and subject line Bug#710217: fixed in modsecurity-apache 2.6.6-9 has caused the Debian Bug report #710217, regarding modsecurity-apache: CVE-2013-2765: NULL pointer dereference to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 710217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710217 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: modsecurity-apache Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for modsecurity-apache. CVE-2013-2765[0]: NULL pointer dereference Upstream patch is at [1], fixed in 2.7.4[2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765 http://security-tracker.debian.org/tracker/CVE-2013-2765 [1] https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba [2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: modsecurity-apache Source-Version: 2.6.6-9 We believe that the bug you reported is fixed in the latest version of modsecurity-apache, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 710...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated modsecurity-apache package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 04 Jun 2013 09:34:41 +0200 Source: modsecurity-apache Binary: libapache2-modsecurity libapache-mod-security Architecture: source amd64 all Version: 2.6.6-9 Distribution: unstable Urgency: high Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org> Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org> Description: libapache-mod-security - Dummy transitional package libapache2-modsecurity - Tighten web applications security for Apache Closes: 710217 Changes: modsecurity-apache (2.6.6-9) unstable; urgency=high . * Applied upstream patch to fix NULL pointer dereference. CVE-2013-2765. (Closes: #710217) Checksums-Sha1: a8adfd31fdfc42321e4064c23530f732173eb9e2 1962 modsecurity-apache_2.6.6-9.dsc e8b160f1147f32c0e1ce92b4b9e6a7118442f12a 10620 modsecurity-apache_2.6.6-9.debian.tar.gz b34e655e33336b2dfafa0fa5a5de03b7ccb05efa 303016 libapache2-modsecurity_2.6.6-9_amd64.deb 0d6acb37bee2a8e5231d12e25d9385c32f70b574 18564 libapache-mod-security_2.6.6-9_all.deb Checksums-Sha256: 256bfd2c3903aae3392b399ed0115f27a37fd86365fad60a5a2a335663f3b506 1962 modsecurity-apache_2.6.6-9.dsc b09a1317c241bd15972f18bc2054b2a9893c18b54e1a70a3216f1dfc0ac99f9b 10620 modsecurity-apache_2.6.6-9.debian.tar.gz e00caf0384be44c13b6262c1d4abdb51e4d528d112da7d18823af4652e221dac 303016 libapache2-modsecurity_2.6.6-9_amd64.deb 935ee9669c37e03debc92fad048fdf5f1e264a004af625cf2a9131625330e3a3 18564 libapache-mod-security_2.6.6-9_all.deb Files: 3401772bbf8a8255ac9392303dbb8dcd 1962 httpd optional modsecurity-apache_2.6.6-9.dsc 42b5532568b554dee169c24fa91d8c41 10620 httpd optional modsecurity-apache_2.6.6-9.debian.tar.gz 76dc5c63ca5b663d5b16d642640934d0 303016 httpd optional libapache2-modsecurity_2.6.6-9_amd64.deb e668abf68b3fa029f79e3df231bf71f6 18564 oldlibs extra libapache-mod-security_2.6.6-9_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRrZmYAAoJEACbM3VrmqpVk8UP/2ytC4Rzo0ryHbM7Xc90N5gn 5FU6ctp2+3QH0pI+kuvxq9or67YxVa33ucfDSut9KkLTQlXkPGL7uPvxKLzjyzsS 46VdmiEJk//XvCBfwNn6WgJg9vq6ZwUm+4HQGNE+oENFUhz7bpw7nUk/s1yA+WuQ +D6RR+H7dk88CIvkLAotsgfv0vtXN65Fmk63r+evxhRwmHjoLyv3IiLyRufMuntM 0pfk9F1ggypORfrF9ylwzG9ZSymaHcM9a3XwhIHZ/2463hIDEkVKTRHVPfYEZCB4 jlHakEazDaBtakb/SwTv6Opo8jeFpy56+c8AkvhWfZt34+J0RQgypHN5nsRuo3DF F2SgGWjEufPzmn3qCudxh/IJDBiP+GRo5Ex+yjHpnreoMoQOpbvuE2E3jSfqg7cs dqKZ05+dyLVvt+zOS6Lq5z3HQa6pC0eEthfnrjbbaCkJr/tfhG9xSRBWNz/LL+IN msEFc3FJIteTFHZajinQZPUZyH0t/jLYtC6cMD6RJFueBZGEtFj9pKccmocpegju dWBLSacmkY+wMHytQNb9kbtLuh3jKnjYtZOZkXu8/0IOPDbaauP8NfDTmh8awyzE LuS96O+K59Cx9IEUy78Q/FvIbN9EjfG7q0DqLrGIs8UALaNTiYP7Qpt8+jyl7/lR WelY0etZPcGC2FZ8ebVs =stRf -----END PGP SIGNATURE-----
--- End Message ---
