Source: libapache-mod-jk Severity: serious Tags: security Hi,
the following vulnerability was published for libapache-mod-jk. CVE-2014-8111[0]: | Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount | rules for subtrees of previous JkMount rules, which allows remote | attackers to access otherwise restricted artifacts via unspecified | vectors. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-8111 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111 Please adjust the affected versions in the BTS as needed. The upstream fix is here: http://svn.apache.org/r1647017 Feel freet to lower the severiy if you believe the issue to be minor. I'm not familiar enough with the software to be able to judge. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
