*) SECURITY: CVE-2010-3872 (cve.mitre.org) Fix possible stack buffer overwrite. Diagnosed by the reporter. PR 49406. [Edgar Frank <ef-lists email.de>]
Bumped in portage.
Arches, please test and mark stable: =www-apache/mod_fcgid-2.3.6 Target keywords: "amd64 ppc x86"
amd64/x86 stable
ppc stable, last arch done
Thanks, folks. GLSA request filed.
CVE-2010-3872 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3872): The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does not use bytewise pointer arithmetic in certain circumstances, which has unknown impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
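The bug class named in the CVE description above, as an added illustration that is not mod_fcgid's code: adding a byte count to a typed struct pointer scales it by the struct size, so a partially read header on the stack gets written past its end. The rec_header type and all function names are hypothetical, and the fragments are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical 8-byte record header, standing in for a FastCGI-style header. */
typedef struct {
    uint8_t version, type;
    uint8_t request_id_hi, request_id_lo;
    uint8_t length_hi, length_lo;
    uint8_t padding, reserved;
} rec_header;

/* Byte offset that `hdr + hasread` resolves to when hdr is a rec_header *:
 * the compiler scales the index by sizeof(rec_header). */
size_t typed_offset(size_t hasread) { return hasread * sizeof(rec_header); }

/* Byte offset of `(unsigned char *)hdr + hasread`: no scaling. */
size_t bytewise_offset(size_t hasread) { return hasread; }

/* Nonzero if copying n bytes at byte offset off stays inside the header. */
int fits(size_t off, size_t n) {
    return off <= sizeof(rec_header) && n <= sizeof(rec_header) - off;
}

/* Hardened accumulation: append one fragment sent by the peer to a partially
 * filled header. Returns bytes consumed and never writes past *hdr. */
size_t append_fragment(rec_header *hdr, size_t *hasread,
                       const unsigned char *frag, size_t fraglen) {
    if (*hasread >= sizeof(*hdr)) return 0;          /* header already full */
    size_t room = sizeof(*hdr) - *hasread;
    size_t take = fraglen < room ? fraglen : room;   /* clamp to free space */
    memcpy((unsigned char *)hdr + *hasread, frag, take); /* bytewise pointer */
    *hasread += take;
    return take;
}

/* Constructed input: a header arriving as a 3-byte, then a 7-byte fragment. */
int demo(void) {
    const unsigned char a[] = {1, 6, 0};
    const unsigned char b[] = {1, 0, 5, 0, 0, 0xAA, 0xBB};
    rec_header h;
    size_t got = 0;
    append_fragment(&h, &got, a, sizeof a);
    size_t used = append_fragment(&h, &got, b, sizeof b);
    return got == 8 && used == 5 && h.length_lo == 5 && h.reserved == 0;
}

int main(void) { return demo() ? 0 : 1; }
```

With 3 bytes already read, the typed expression lands 24 bytes from the start of an 8-byte object, while the bytewise form lands at byte 3 and the remaining 5 bytes fit.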
This issue was resolved and addressed in GLSA 201207-09 at http://security.gentoo.org/glsa/glsa-201207-09.xml by GLSA coordinator Sean Amoss (ackle).