From ${URL} :
Description
A vulnerability has been reported in ModSecurity, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing the "forceRequestBodyVariable" action and can be exploited to cause a NULL pointer dereference via specially crafted HTTP requests.
The vulnerability is reported in versions prior to 2.7.4.
Solution
Update to version 2.7.4.
Provided and/or discovered by
The vendor credits Younes Jaaidi.
Original Advisory
https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Okay this is ready in tree for stabilization IMHO.
Arches, please test and mark stable:
=www-apache/mod_security-2.7.4
Target keywords : "amd64 ppc sparc x86"
x86 stable
amd64 stable
sparc stable
ppc stable
CVE-2013-2765 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2765): The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
Thanks for your work
GLSA vote: no
GLSA vote: no. Closing as [noglsa]