Ubuntu
libapache2-mod-fcgid package

CVE-2013-4365: possible heap buffer overwrite

Bug #1238242 reported by Felix Geyer
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libapache2-mod-fcgid (Debian)
Fix Released
Unknown
libapache2-mod-fcgid (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
Raring
Fix Released
Undecided
Unassigned
Saucy
Fix Released
Undecided
Unassigned

Bug Description

http://<email address hidden>/msg58077.html

> *) SECURITY: CVE-2013-4365 (cve.mitre.org)
> Fix possible heap buffer overwrite. Reported and solved by:
> [Robert Matthews <rob tigertech.com>]

Bug Watch Updater (bug-watch-updater)
Changed in libapache2-mod-fcgid (Debian):
status: Unknown → Fix Released
Revision history for this message
Felix Geyer (debfx) wrote :

debdiff for precise

Revision history for this message
Felix Geyer (debfx) wrote :

debdiff for quantal

Revision history for this message
Felix Geyer (debfx) wrote :

debdiff for raring

Revision history for this message
Felix Geyer (debfx) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.3.9-1

---------------
libapache2-mod-fcgid (1:2.3.9-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2013-4365: heap buffer overwrite. (Closes: #725942)
  * Further improve the long description. (Closes: #719534)

 -- Felix Geyer <email address hidden> Thu, 10 Oct 2013 19:49:42 +0200

Changed in libapache2-mod-fcgid (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.3.7-0ubuntu2.13.04.1

---------------
libapache2-mod-fcgid (1:2.3.7-0ubuntu2.13.04.1) raring-security; urgency=low

  * SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
    - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
    - CVE-2013-4365
 -- Felix Geyer <email address hidden> Fri, 11 Oct 2013 19:18:31 +0200

Changed in libapache2-mod-fcgid (Ubuntu Raring):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.3.6-1.1ubuntu0.1

---------------
libapache2-mod-fcgid (1:2.3.6-1.1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
    - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
    - CVE-2013-4365
 -- Felix Geyer <email address hidden> Fri, 11 Oct 2013 19:39:49 +0200

Changed in libapache2-mod-fcgid (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-fcgid - 1:2.3.7-0ubuntu2.12.10.1

---------------
libapache2-mod-fcgid (1:2.3.7-0ubuntu2.12.10.1) quantal-security; urgency=low

  * SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
    - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
    - CVE-2013-4365
 -- Felix Geyer <email address hidden> Fri, 11 Oct 2013 19:44:31 +0200

Changed in libapache2-mod-fcgid (Ubuntu Quantal):
status: New → Fix Released
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks Felix!

Marc Deslauriers (mdeslaur)
Changed in libapache2-mod-fcgid (Ubuntu Lucid):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.