From ${URL} :

Description
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g. disclose local files or cause excessive memory and CPU consumption.

The vulnerability is reported in version 2.7.2. Prior versions may also be affected.

Solution
Update to version 2.7.3.

Provided and/or discovered by
Timur Yunusov and Alexey Osipov, Positive Technologies

Original Advisory
ModSecurity: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
Go for it, 2.7.3 is in tree and should be fine to go stable.
Arches, please test and mark stable:
=www-apache/mod_security-2.7.3
Target keywords : "amd64 ppc sparc x86"
amd64 stable
ppc stable
x86 stable
sparc stable
CVE-2013-1915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1915): ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
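A defensive illustration of the entity-declaration issue described in the CVE text above, added here as an example; it is not ModSecurity code and not the 2.7.3 fix. It uses Python's standard expat binding to inspect only the XML prolog, so a request body that declares a DTD or an external entity can be refused before any entity is resolved or expanded. The function names, verdict strings and sample bodies are assumptions constructed for the example.

```python
import xml.parsers.expat

class _PrologDone(Exception):
    """Raised from a handler to stop expat once the prolog has been inspected."""

def inspect_xml_prolog(body: bytes) -> dict:
    """Report DTD and entity declarations without resolving or expanding them."""
    found = {"doctype": False, "external": [], "internal": 0, "malformed": False}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found["doctype"] = True
        if system_id is not None:              # external DTD subset
            found["external"].append((name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:                      # external entity (SYSTEM/PUBLIC)
            found["external"].append((name, system_id))
        else:                                  # internal entity, value kept unexpanded
            found["internal"] += 1

    def stop(*_args):
        raise _PrologDone                      # abort before any content is parsed

    parser = xml.parsers.expat.ParserCreate()  # no ExternalEntityRefHandler: nothing is fetched
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = stop        # the DTD always precedes the root element
    parser.StartElementHandler = stop          # no DTD at all: stop at the root element
    try:
        parser.Parse(body, True)
    except _PrologDone:
        pass
    except xml.parsers.expat.ExpatError:
        found["malformed"] = True
    return found

def verdict(body: bytes) -> str:
    """Hypothetical policy: refuse any body that carries a DTD."""
    f = inspect_xml_prolog(body)
    if f["external"]:
        return "reject: external entity"
    if f["doctype"]:
        return "reject: DTD present"
    return "reject: malformed" if f["malformed"] else "accept"

# Constructed sample bodies (not taken from the advisory).
SAMPLE_PLAIN = b"<order><id>7</id></order>"
SAMPLE_EXTERNAL = b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]><r>&ext;</r>'
SAMPLE_INTERNAL = b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]><r>&b;</r>'
```

Stopping at the end of the DOCTYPE means nested internal entities are counted but never expanded, which covers the CPU and memory consumption case as well as the file disclosure one.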
GLSA vote: no.
GLSA vote: no. Closing as [noglsa]