Hi Alberto, On Tue, Jun 04, 2013 at 09:38:58AM +0200, Alberto Gonzalez Iniesta wrote: > On Tue, Jun 04, 2013 at 06:50:50AM +0200, Salvatore Bonaccorso wrote: > > Hi Alberto > > > > On Wed, May 29, 2013 at 09:17:26AM +0200, Salvatore Bonaccorso wrote: > > > the following vulnerability was published for modsecurity-apache. > > > > > > CVE-2013-2765[0]: > > > NULL pointer dereference > > > > > > Upstream patch is at [1], fixed in 2.7.4[2]. > > > > > > If you fix the vulnerability please also make sure to include the > > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > > > For further information see: > > > > > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765 > > > http://security-tracker.debian.org/tracker/CVE-2013-2765 > > > [1] > > > https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba > > > [2] https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES > > > > > > Please adjust the affected versions in the BTS as needed. > > > > Did you had a chance to already look at the upload for unstable? Can > > you also contact the Stable Release Managers for asking then for the > > inclusion in the next point release? (Note that the freeze for the NEW > > queue for it is already the coming weekend). > > Hi Salvatore, > > I was the AFK all the weekend, I'm preparing the upload to unstable now, > and will contact SRM afterwards.
Thanks! Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org