[apache2] 01/05: Fix CVE-2013-6438 in mod_dav
Stefan Fritsch
sf at moszumanska.debian.org
Sun May 25 15:43:59 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch wheezy
in repository apache2.
commit 30eff681cec56d2008014d265444b001bbebeb37
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sun May 25 17:29:54 2014 +0200
Fix CVE-2013-6438 in mod_dav
---
debian/changelog | 7 ++++++
debian/patches/mod_dav-CVE-2013-6438.patch | 34 ++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 42 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 1346111..baa6fd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.2.22-13+deb7u2) UNRELEASED; urgency=medium
+
+ * CVE-2013-6438: mod_dav: Fix potential denial of service from
+ specifically crafted DAV WRITE requests.
+
+ -- Stefan Fritsch <sf at debian.org> Sun, 30 Mar 2014 10:40:41 +0200
+
apache2 (2.2.22-13+deb7u1) wheezy; urgency=medium
Low impact security fixes:
diff --git a/debian/patches/mod_dav-CVE-2013-6438.patch b/debian/patches/mod_dav-CVE-2013-6438.patch
new file mode 100644
index 0000000..ae58c2c
--- /dev/null
+++ b/debian/patches/mod_dav-CVE-2013-6438.patch
@@ -0,0 +1,34 @@
+# commit 9ea49621699c2a5ead8bc9ffb8afa6167d31a826
+# Author: Ruediger Pluem <rpluem at apache.org>
+# Date: Wed Mar 12 11:50:49 2014 +0000
+#
+# Merge r1556428 from trunk:
+#
+# mod_dav: Keep track of length of cdata properly when removing leading spaces.
+#
+# * modules/dav/main/util.c
+# (dav_xml_get_cdata): reduce len variable when increasing cdata pointer.
+#
+# Submitted by: Amin Tora <Amin.Tora neustar.biz>
+#
+# Reviewed by: breser, rpluem, gstein, wrowe
+#
+#
+# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1576706 13f79535-47bb-0310-9956-ffa450edef68
+#
+diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
+index ddbd621..ba856fa 100644
+--- a/modules/dav/main/util.c
++++ b/modules/dav/main/util.c
+@@ -372,8 +372,10 @@ DAV_DECLARE(const char *) dav_xml_get_cdata(const apr_xml_elem *elem, apr_pool_t
+
+ if (strip_white) {
+ /* trim leading whitespace */
+- while (apr_isspace(*cdata)) /* assume: return false for '\0' */
++ while (apr_isspace(*cdata)) { /* assume: return false for '\0' */
+ ++cdata;
++ --len;
++ }
+
+ /* trim trailing whitespace */
+ while (len-- > 0 && apr_isspace(cdata[len]))
diff --git a/debian/patches/series b/debian/patches/series
index a1d774a..2d87f6f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -38,3 +38,4 @@ mod_log_forensic_693292.patch
mod_rewrite-CVE-2013-1862.patch
CVE-2013-1896.patch
mod_dav_crash_PR_52559.patch
+mod_dav-CVE-2013-6438.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list