Yeah, the Koji build has been deleted as well:
http://koji.fedoraproject.org/koji/buildinfo?buildID=242226

It would be a good idea to update your rules for 2.7. That
mod_security-2.5.12-2.el6 build is over four years old and subject to
several CVEs...

CVE-2013-5705
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote
attackers to bypass rules by using chunked transfer coding with a
capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2013-2765
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows
remote attackers to cause a denial of service (NULL pointer
dereference, process crash, and disk consumption) via a POST request
with a large body and a crafted Content-Type header.

CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary
files, send HTTP requests to intranet servers, or cause a denial of
service (CPU and memory consumption) via an XML external entity
declaration in conjunction with an entity reference, aka an XML
External Entity (XXE) vulnerability.

CVE-2012-4528
The mod_security2 module before 2.7.0 for the Apache HTTP Server
allows remote attackers to bypass rules, and deliver arbitrary POST
data to a PHP application, via a multipart request in which an invalid
part precedes the crafted data.

CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle
single quotes not at the beginning of a request parameter value in the
Content-Disposition field of a request with a multipart/form-data
Content-Type header, which allows remote attackers to bypass filtering
rules and perform other attacks such as cross-site scripting (XSS)
attacks. NOTE: this vulnerability exists because of an incomplete fix
for CVE-2009-5031.

- Ken

On Fri, Nov 6, 2015 at 9:02 AM, Athmane Madjoudj
<athm...@fedoraproject.org> wrote:
> Hi,
>
> On Fri, Nov 6, 2015 at 1:25 PM, Harriman, Chad (SAA)
> <chad_harri...@saa.senate.gov> wrote:
>>
>> I have the repo for EPEL synced on my satellite server and the upgrade to
>> 2.7 broke.  I need to downgrade but I do not have the
>> mod_security-2.5.12-2.el6.x86_64 package.
>> How do I obtain a copy to downgrade?
>
>
> I guess, you could rebuild EL5 package (it's 2.6.8 + security patches),
> rules for 2.5 should run fine with 2.6.x.
>
> AFAIK, we don't keep the old version of the package in the repo.
>
>
> Best regards.
>
> -- Athmane
>
> _______________________________________________
> epel-devel mailing list
> epel-devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/epel-devel
>
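Added example, not part of the original thread and not ModSecurity's own code: the CVE-2013-5705 entry above describes a rule bypass through a capitalized Chunked value, and transfer-coding names are case-insensitive in HTTP, so a body inspector has to match them that way. The function names and the case-sensitive "before" check are illustrative assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative case-sensitive check (assumed, not ModSecurity's code):
 * it misses "Chunked", so an inspector relying on it skips the body. */
int te_is_chunked_case_sensitive(const char *value)
{
    return value != NULL && strstr(value, "chunked") != NULL;
}

/* Compare the n bytes at s with a lowercase literal, ignoring case. */
static int eq_nocase(const char *s, size_t n, const char *lit)
{
    size_t i;
    for (i = 0; i < n && lit[i] != '\0'; i++)
        if (tolower((unsigned char)s[i]) != lit[i])
            return 0;
    return i == n && lit[i] == '\0';
}

/* Hardened check: walk the comma-separated coding list, trim optional
 * whitespace, ignore any ";parameter", compare the name without case. */
int te_is_chunked(const char *value)
{
    if (value == NULL)
        return 0;
    while (*value != '\0') {
        while (*value == ' ' || *value == '\t' || *value == ',')
            value++;
        size_t len = strcspn(value, ",;");           /* coding name only */
        const char *next = value + strcspn(value, ","); /* next list item */
        while (len > 0 && (value[len - 1] == ' ' || value[len - 1] == '\t'))
            len--;
        if (eq_nocase(value, len, "chunked"))
            return 1;
        value = next;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "chunked", "Chunked", "gzip, CHUNKED", "xchunked" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-14s case-sensitive=%d hardened=%d\n", samples[i],
               te_is_chunked_case_sensitive(samples[i]), te_is_chunked(samples[i]));
    return 0;
}
```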