Here's a patch which I believe be a correct backport of the upstream patch to Lucid (it didn't apply cleanly due to other additions to modsecurity since Lucid's release). I've verified that it builds but not yet done any testing - I'll be doing so shortly.
** Patch added: "modsecurity-apache_2.6.6-5ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/modsecurity-apache/+bug/1169030/+attachment/3644365/+files/modsecurity-apache_2.6.6-5ubuntu0.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1169030 Title: CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/modsecurity-apache/+bug/1169030/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs