[apache2] 01/02: fix CVE-2013-1896 patch for 2.2

Stefan Fritsch sf at moszumanska.debian.org
Tue Jan 28 22:12:55 UTC 2014


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch squeeze
in repository apache2.

commit 563335693b34bb5632ceea8c8a53cd9d57b93ba1
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Jan 28 22:47:54 2014 +0100

    fix CVE-2013-1896 patch for 2.2
---
 debian/patches/304_CVE-2013-1896.dpatch | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/patches/304_CVE-2013-1896.dpatch b/debian/patches/304_CVE-2013-1896.dpatch
index 4efe9fd..0fd0c41 100755
--- a/debian/patches/304_CVE-2013-1896.dpatch
+++ b/debian/patches/304_CVE-2013-1896.dpatch
@@ -1,5 +1,7 @@
 #! /bin/sh /usr/share/dpatch/dpatch-run
-##
+#
+## DP: http://svn.apache.org/r1497101
+## DP: http://svn.apache.org/r1497212
 #
 @DPATCH@
 Index: apache2/modules/dav/main/mod_dav.c
@@ -11,7 +13,7 @@ Index: apache2/modules/dav/main/mod_dav.c
      conf = ap_get_module_config(r->per_dir_config, &dav_module);
      /* assert: conf->provider != NULL */
 +    if (conf->provider == NULL) {
-+        return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,
++        return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0,
 +                             apr_psprintf(r->pool,
 +				          "DAV not enabled for %s",
 +					  ap_escape_html(r->pool, r->uri)));

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git



More information about the Pkg-apache-commits mailing list