Your message dated Thu, 06 Jun 2013 18:47:05 +0000
with message-id <e1ukfdf-00042d...@franck.debian.org>
and subject line Bug#710217: fixed in modsecurity-apache 2.6.6-6+deb7u1
has caused the Debian Bug report #710217,
regarding modsecurity-apache: CVE-2013-2765: NULL pointer dereference
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
710217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: modsecurity-apache
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for modsecurity-apache.
CVE-2013-2765[0]:
NULL pointer dereference
Upstream patch is at [1], fixed in 2.7.4[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765
http://security-tracker.debian.org/tracker/CVE-2013-2765
[1] https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
[2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: modsecurity-apache
Source-Version: 2.6.6-6+deb7u1
We believe that the bug you reported is fixed in the latest version of
modsecurity-apache, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 710...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated
modsecurity-apache package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Wed, 29 May 2013 09:40:00 +0000
Source: modsecurity-apache
Binary: libapache2-modsecurity libapache-mod-security
Architecture: source amd64 all
Version: 2.6.6-6+deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org>
Description:
libapache-mod-security - Dummy transitional package
libapache2-modsecurity - Tighten web applications security for Apache
Closes: 710217
Changes:
modsecurity-apache (2.6.6-6+deb7u1) wheezy; urgency=low
.
* Applied upstream patch to fix NULL pointer dereference.
CVE-2013-2765. (Closes: #710217)
--- End Message ---