-
modsecurity-apache (2.6.6-6) unstable; urgency=high
* Applied upstream patch to fix XXE attacks. CVE-2013-1915
Thanks Thomas Goirand for backporting the patch.
(Closes: #704625)
Adds new SecXmlExternalEntity option which by default (Off) disables
the external entity load task executed by libxml2.
-- Alberto Gonzalez Iniesta <email address hidden> Sat, 06 Apr 2013 11:09:12 +0200
-
modsecurity-apache (2.6.6-5) unstable; urgency=high
* Applied upstream patch to fix multipart/invalid part
ruleset bypass. CVE-2012-4528. (Closes: #691146)
-- Alberto Gonzalez Iniesta <email address hidden> Mon, 22 Oct 2012 16:23:19 +0200
-
modsecurity-apache (2.6.6-3) unstable; urgency=low
* Relicense debian/* files to ASLv2 to avoid conflicts with upstream
license.
-- Alberto Gonzalez Iniesta <email address hidden> Thu, 12 Jul 2012 13:05:20 +0200
