[apache2] 02/03: fix CVE-2013-1896 patch for 2.2
Stefan Fritsch
sf at moszumanska.debian.org
Sat Feb 1 13:56:03 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to tag debian/2.2.22-13+deb7u1
in repository apache2.
commit 158b97f198068166a87fcb9af48369248b2ad317
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Tue Jan 28 22:47:54 2014 +0100
fix CVE-2013-1896 patch for 2.2
---
debian/patches/CVE-2013-1896.patch | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/patches/CVE-2013-1896.patch b/debian/patches/CVE-2013-1896.patch
index 8d60f24..f4c67dc 100644
--- a/debian/patches/CVE-2013-1896.patch
+++ b/debian/patches/CVE-2013-1896.patch
@@ -1,3 +1,5 @@
+# http://svn.apache.org/r1497101
+# http://svn.apache.org/r1497212
Index: apache2/modules/dav/main/mod_dav.c
===================================================================
--- apache2.orig/modules/dav/main/mod_dav.c
@@ -7,7 +9,7 @@ Index: apache2/modules/dav/main/mod_dav.c
conf = ap_get_module_config(r->per_dir_config, &dav_module);
/* assert: conf->provider != NULL */
+ if (conf->provider == NULL) {
-+ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,
++ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0,
+ apr_psprintf(r->pool,
+ "DAV not enabled for %s",
+ ap_escape_html(r->pool, r->uri)));
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list