Overview

Request 205966 accepted

- update to 2.3.9:
  + obsoletes apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff
    and fixes CVE-2013-4365 [bnc#844935] (heap overflow).
    The heap overflow discovery and fix was done by
    Robert Matthews.
  + quoting and spaces parsing correction for FcgidWrapper directive
    and commandline options.
  + logging improvements for access controls
  + remove redundant processing of Location headers when running in
    FCGI_AUTHORIZER mode

- Intermediate fix for openSUSE:Factory eg. openSUSE:13.1:
  apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff fixes a heap
  overflow identified by CVE-2013-4365 [bnc#844935].
  This patch will be obsoleted by the next version update (to
  2.3.9 or higher).

Request History

draht created request


factory-auto added a reviewer

Please review sources


factory-auto accepted review

Check script succeeded


factory-auto added a reviewer

Please review build success


licensedigger accepted review

{"approve": "preliminary, version number changed"}


factory-repo-checker accepted review

Builds for repo openSUSE_Factory


dimstar declined request

In the 'intermediate' fix you mention to add a patch; which obviously (from this single commit) gets dropped again with the update to 2.3.9... but said drop is not mentioned.

Please see
http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Patch_live_cycle

=> Added / removed patches need to be mentioned by name in .changes, in
order to get a full trail of life cycles.


dimstar added a reviewer

My bad.. it IS there..


dimstar approved review

sorry for the noise.. in fact, the drop of the patch is mentioned...


dimstar accepted review

sorry for the noise.. in fact, the drop of the patch is mentioned...


coolo accepted request

checkin to openSUSE:Factory only
