CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack
Bug #1169030 reported by
Evan Broder
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libapache-mod-security (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Raring |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
modsecurity-apache (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Won't Fix
|
Medium
|
Unassigned | ||
Quantal |
Won't Fix
|
Medium
|
Unassigned | ||
Raring |
Fix Released
|
Medium
|
Unassigned | ||
Saucy |
Fix Released
|
Medium
|
Unassigned |
Related branches
tags: | added: patch |
Changed in modsecurity-apache (Ubuntu Precise): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in modsecurity-apache (Ubuntu Quantal): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in modsecurity-apache (Ubuntu Raring): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in modsecurity-apache (Ubuntu Saucy): | |
importance: | Undecided → Medium |
status: | Triaged → Confirmed |
Changed in libapache-mod-security (Ubuntu Precise): | |
status: | New → Invalid |
Changed in libapache-mod-security (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in libapache-mod-security (Ubuntu Lucid): | |
importance: | Undecided → Medium |
status: | New → Fix Released |
Changed in libapache-mod-security (Ubuntu Raring): | |
status: | New → Invalid |
Changed in libapache-mod-security (Ubuntu Saucy): | |
status: | Fix Released → Invalid |
Changed in modsecurity-apache (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in modsecurity-apache (Ubuntu Quantal): | |
status: | Confirmed → Won't Fix |
To post a comment you must log in.
Here's a patch which I believe be a correct backport of the upstream patch to Lucid (it didn't apply cleanly due to other additions to modsecurity since Lucid's release). I've verified that it builds but not yet done any testing - I'll be doing so shortly.