[apache2] 01/05: Fix CVE-2013-6438 in mod_dav

Stefan Fritsch sf at moszumanska.debian.org
Sun May 25 15:43:59 UTC 2014 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch wheezy
in repository apache2.

commit 30eff681cec56d2008014d265444b001bbebeb37
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun May 25 17:29:54 2014 +0200

    Fix CVE-2013-6438 in mod_dav
---
 debian/changelog                           |  7 ++++++
 debian/patches/mod_dav-CVE-2013-6438.patch | 34 ++++++++++++++++++++++++++++++
 debian/patches/series                      |  1 +
 3 files changed, 42 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1346111..baa6fd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.2.22-13+deb7u2) UNRELEASED; urgency=medium
+
+  * CVE-2013-6438: mod_dav: Fix potential denial of service from
+    specifically crafted DAV WRITE requests.
+
+ -- Stefan Fritsch <sf at debian.org>  Sun, 30 Mar 2014 10:40:41 +0200
+
 apache2 (2.2.22-13+deb7u1) wheezy; urgency=medium
 
   Low impact security fixes:
diff --git a/debian/patches/mod_dav-CVE-2013-6438.patch b/debian/patches/mod_dav-CVE-2013-6438.patch
new file mode 100644
index 0000000..ae58c2c
--- /dev/null
+++ b/debian/patches/mod_dav-CVE-2013-6438.patch
@@ -0,0 +1,34 @@
+# commit 9ea49621699c2a5ead8bc9ffb8afa6167d31a826
+# Author: Ruediger Pluem <rpluem at apache.org>
+# Date:   Wed Mar 12 11:50:49 2014 +0000
+#
+#    Merge r1556428 from trunk:
+#    
+#    mod_dav: Keep track of length of cdata properly when removing leading spaces.
+#    
+#    * modules/dav/main/util.c
+#      (dav_xml_get_cdata): reduce len variable when increasing cdata pointer.
+#    
+#    Submitted by: Amin Tora <Amin.Tora neustar.biz>
+#    
+#    Reviewed by: breser, rpluem, gstein, wrowe
+#    
+#    
+#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1576706 13f79535-47bb-0310-9956-ffa450edef68
+#
+diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
+index ddbd621..ba856fa 100644
+--- a/modules/dav/main/util.c
++++ b/modules/dav/main/util.c
+@@ -372,8 +372,10 @@ DAV_DECLARE(const char *) dav_xml_get_cdata(const apr_xml_elem *elem, apr_pool_t
+ 
+     if (strip_white) {
+         /* trim leading whitespace */
+-        while (apr_isspace(*cdata))     /* assume: return false for '\0' */
++        while (apr_isspace(*cdata)) {     /* assume: return false for '\0' */
+             ++cdata;
++            --len;
++        }
+ 
+         /* trim trailing whitespace */
+         while (len-- > 0 && apr_isspace(cdata[len]))
diff --git a/debian/patches/series b/debian/patches/series
index a1d774a..2d87f6f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -38,3 +38,4 @@ mod_log_forensic_693292.patch
 mod_rewrite-CVE-2013-1862.patch
 CVE-2013-1896.patch
 mod_dav_crash_PR_52559.patch
+mod_dav-CVE-2013-6438.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list