Thanks for reporting this issue, which is CVE-2011-0419. It's a vulnerability in apache's apr library, which in Ubuntu is shipped in the separate 'apr' source package, and the apache packages links against it. It was addressed in USN-1134-1 <http://www.ubuntu.com/usn/usn-1134-1>.
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0419 ** Changed in: apache2 (Ubuntu) Status: New => Invalid ** Also affects: apr (Ubuntu) Importance: Undecided Status: New ** Changed in: apr (Ubuntu) Status: New => Fix Released ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/871673 Title: APR "apr_fnmatch()" Denial of Service Vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871673/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
