Thanks for reporting this issue, which is CVE-2011-0419. It's a vulnerability in apache's apr library, which in Ubuntu is shipped in the separate 'apr' source package, and the apache packages links against it. It was addressed in USN-1134-1 <http://www.ubuntu.com/usn/usn-1134-1>.
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-0419 ** Changed in: apache2 (Ubuntu) Status: New => Invalid ** Also affects: apr (Ubuntu) Importance: Undecided Status: New ** Changed in: apr (Ubuntu) Status: New => Fix Released ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/871673 Title: APR "apr_fnmatch()" Denial of Service Vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/871673/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
