mod_fcgid 2.3.9 fixes a heap overflow:
From upstream release notes:
*) SECURITY: CVE-2013-4365 (cve.mitre.org)
Fix possible heap buffer overwrite. Reported and solved by:
[Robert Matthews <rob tigertech.com>]
(In reply to Hanno Boeck from comment #0)
> mod_fcgid 2.3.9 fixes a heap overflow:
> From upstream release notes:
> *) SECURITY: CVE-2013-4365 (cve.mitre.org)
> Fix possible heap buffer overwrite. Reported and solved by:
> [Robert Matthews <rob tigertech.com>]
Please cc the maintainer.
Heap-based buffer overflow in the fcgid_header_bucket_read function in
fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP
Server allows remote attackers to have an unspecified impact via unknown
As this package is maintainer-needed, I've bumped it (and before you ask: I don't intend to become the maintainer).
Much appreciated. Arches, please test and mark stable:
Target arches: amd64 ppc x86
Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
GLSA Request Filed
Maintainer(s), please drop the vulnerable version(s).
This issue was resolved and addressed in
GLSA 201402-09 at http://security.gentoo.org/glsa/glsa-201402-09.xml
by GLSA coordinator Chris Reffett (creffett).