Ok, here's a patch with the fix for CVE-2012-2751 rolled in. I kind of made up the DEP-3 fields, but I think they'll at least satisfy their purpose.
I've tested that the resulting packages with this patch work at at least a basic level, but I still don't have POCs to test with or anything. ** Patch added: "libapache-mod-security_2.5.11-1ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/modsecurity-apache/+bug/1169030/+attachment/3645690/+files/libapache-mod-security_2.5.11-1ubuntu0.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1169030 Title: CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache-mod-security/+bug/1169030/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
