[apache2] 02/02: CVE-2013-1862: rewritelog escaping
Stefan Fritsch
sf at moszumanska.debian.org
Sun Jan 26 12:25:42 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch wheezy
in repository apache2.
commit 4655549956d6cffe16f9e52b7326f563079bcae2
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun Jan 26 13:24:27 2014 +0100
CVE-2013-1862: rewritelog escaping
---
debian/changelog | 3 ++
debian/patches/mod_rewrite-CVE-2013-1862.patch | 46 ++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 50 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index bcf10be..62a6b68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
apache2 (2.2.22-13+wheezy1) UNRELEASED; urgency=low
+ * CVE-2013-1862: mod_rewrite: Ensure that client data written to the
+ RewriteLog is escaped to prevent terminal escape sequences from entering
+ the log file. Closes: #722333
* Make apache2ctl create the necessary directories even if started with
special options for apache2. Closes: #731531
* Adjust paragraph in README.Debian about MaxMemFree not working properly.
diff --git a/debian/patches/mod_rewrite-CVE-2013-1862.patch b/debian/patches/mod_rewrite-CVE-2013-1862.patch
new file mode 100644
index 0000000..3c73fc8
--- /dev/null
+++ b/debian/patches/mod_rewrite-CVE-2013-1862.patch
@@ -0,0 +1,46 @@
+#Index: CHANGES
+#===================================================================
+#--- CHANGES (revision 1469310)
+#+++ CHANGES (working copy)
+#@@ -1,8 +1,11 @@
+# -*- coding: utf-8 -*-
+# Changes with Apache 2.2.25
+#
+#+ *) SECURITY: CVE-2013-1862 (cve.mitre.org)
+#+ mod_rewrite: Ensure that client data written to the RewriteLog is
+#+ escaped to prevent terminal escape sequences from entering the
+#+ log file. [Joe Orton]
+#
+#-
+# Changes with Apache 2.2.24
+#
+# *) SECURITY: CVE-2012-3499 (cve.mitre.org)
+Index: modules/mappers/mod_rewrite.c
+===================================================================
+--- a/modules/mappers/mod_rewrite.c (revision 1469310)
++++ b/modules/mappers/mod_rewrite.c (working copy)
+@@ -500,11 +500,11 @@
+
+ logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
+ "(%d) %s%s%s%s" APR_EOL_STR,
+- rhost ? rhost : "UNKNOWN-HOST",
+- rname ? rname : "-",
+- r->user ? (*r->user ? r->user : "\"\"") : "-",
++ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
++ rname ? ap_escape_logitem(r->pool, rname) : "-",
++ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
+ current_logtime(r),
+- ap_get_server_name(r),
++ ap_escape_logitem(r->pool, ap_get_server_name(r)),
+ (void *)(r->server),
+ (void *)r,
+ r->main ? "subreq" : "initial",
+@@ -514,7 +514,7 @@
+ perdir ? "[perdir " : "",
+ perdir ? perdir : "",
+ perdir ? "] ": "",
+- text);
++ ap_escape_logitem(r->pool, text));
+
+ nbytes = strlen(logline);
+ apr_file_write(conf->rewritelogfp, logline, &nbytes);
diff --git a/debian/patches/series b/debian/patches/series
index 1c7f102..52737dc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -35,3 +35,4 @@ SSLProtocol-tls11-12.2.patch
disable-ssl-compression.patch
CVE-2012-3499_CVE-2012-4558_XSS.patch
mod_log_forensic_693292.patch
+mod_rewrite-CVE-2013-1862.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list