[apache2] 01/02: CVE-2013-1862: rewritelog escaping
Stefan Fritsch
sf at moszumanska.debian.org
Mon Jan 27 21:38:41 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch squeeze
in repository apache2.
commit 6474d2b63bb51e758b7f27df292c93d6b63864db
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun Jan 26 13:24:27 2014 +0100
CVE-2013-1862: rewritelog escaping
---
debian/changelog | 9 +++++
debian/patches/00list | 1 +
.../patches/303_mod_rewrite-CVE-2013-1862.dpatch | 39 ++++++++++++++++++++++
3 files changed, 49 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index e71ca52..3904abc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+apache2 (2.2.16-6+squeeze12) squeeze; urgency=medium
+
+ Low impact security issues:
+ * CVE-2013-1862: mod_rewrite: Ensure that client data written to the
+ RewriteLog is escaped to prevent terminal escape sequences from entering
+ the log file. Closes: #722333
+
+ -- Stefan Fritsch <sf at debian.org> Sun, 03 Mar 2013 12:25:22 +0100
+
apache2 (2.2.16-6+squeeze11) squeeze-security; urgency=high
* CVE-2013-1048: Fix symlink vulnerability when creating /var/lock/apache2
diff --git a/debian/patches/00list b/debian/patches/00list
index 05e037e..6ac8222 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -46,3 +46,4 @@
300_disable-ssl-compression.dpatch
301_CVE-2012-4557_proxy_ajp.dpatch
302_CVE-2012-3499_CVE-2012-4558_XSS.dpatch
+303_mod_rewrite-CVE-2013-1862.dpatch
diff --git a/debian/patches/303_mod_rewrite-CVE-2013-1862.dpatch b/debian/patches/303_mod_rewrite-CVE-2013-1862.dpatch
new file mode 100755
index 0000000..a240d56
--- /dev/null
+++ b/debian/patches/303_mod_rewrite-CVE-2013-1862.dpatch
@@ -0,0 +1,39 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: http://svn.apache.org/viewvc?view=revision&revision=r1482349
+## DP: SECURITY: CVE-2013-1862 (cve.mitre.org)
+## DP: mod_rewrite: Ensure that client data written to the RewriteLog is
+## DP: escaped to prevent terminal escape sequences from entering the
+## DP: log file. [Joe Orton]
+#
+ at DPATCH@
+Index: modules/mappers/mod_rewrite.c
+===================================================================
+--- a/modules/mappers/mod_rewrite.c (revision 1469310)
++++ b/modules/mappers/mod_rewrite.c (working copy)
+@@ -500,11 +500,11 @@
+
+ logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
+ "(%d) %s%s%s%s" APR_EOL_STR,
+- rhost ? rhost : "UNKNOWN-HOST",
+- rname ? rname : "-",
+- r->user ? (*r->user ? r->user : "\"\"") : "-",
++ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
++ rname ? ap_escape_logitem(r->pool, rname) : "-",
++ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
+ current_logtime(r),
+- ap_get_server_name(r),
++ ap_escape_logitem(r->pool, ap_get_server_name(r)),
+ (void *)(r->server),
+ (void *)r,
+ r->main ? "subreq" : "initial",
+@@ -514,7 +514,7 @@
+ perdir ? "[perdir " : "",
+ perdir ? perdir : "",
+ perdir ? "] ": "",
+- text);
++ ap_escape_logitem(r->pool, text));
+
+ nbytes = strlen(logline);
+ apr_file_write(conf->rewritelogfp, logline, &nbytes);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list