This bug was fixed in the package apache2 - 2.2.14-5ubuntu8.12
---------------
apache2 (2.2.14-5ubuntu8.12) lucid-security; urgency=low
* SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
- debian/patches/CVE-2013-1862.dpatch: properly escape items in
modules/mappers/mod_rewrite.c.
- CVE-2013-1862
* SECURITY UPDATE: denial of service via MERGE request
- debian/patches/CVE-2013-1896.dpatch: make sure DAV is enabled for URI
in modules/dav/main/mod_dav.c.
- CVE-2013-1896
-- Marc Deslauriers <[email protected]> Fri, 12 Jul 2013 09:00:34
-0400
** Changed in: apache2 (Ubuntu Lucid)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1896
** Changed in: apache2 (Ubuntu Quantal)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1188069
Title:
apache2 mod_rewrite CVE 2013-1862
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1188069/+subscriptions
--
Ubuntu-server-bugs mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
