Summary: | net-www/apache-2, mod_dav: remotely triggerable NULL pointer dereference | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kurt Lieber (RETIRED) <klieber> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | apache-bugs, tigger |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 | ||
Whiteboard: | A3 [glsa] vorlon | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 62626 | ||
Bug Blocks: |
Description
Kurt Lieber (RETIRED)
2004-09-13 16:29:33 UTC
apache guys, please apply patch. This is related to bug 62626. We should probably only issue one GLSA for both, titled "Apache2, mod_dav: Multiple Denial of Service vulnerabilities". Okay, apache-2.0.50-r3 is now in the tree to address this vulnerability. Ready for marking stable on arches. Best regards, Stu Arches called for stable on bug 62626. Stuart : We also need a new net-www/mod_dav version for Apache 1 users... :) net-www/mod_dav-1.0.3-r1 already has the dp_scan code in place and isn't susceptible to this problem. My bad, the code was there. Fixed and commited -r2 for mod_dav. Arches, please test and mark mod_dav-1.0.3-r2 stable. Sparc stable. ppc stable now stable on x86.. waiting for testing and stable marking of apache-2.0.51 on bug #62626 (amd64) GLSA 200409-21 |