Update for apache2-mod_security2.openSUSE_Evergr... security moderate

update for apache2-mod_security2

- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
/etc/apache2/conf.d/mod_security2.conf loads
then /etc/apache2/mod_security2.d/*.conf , as set up based on
advice in /etc/apache2/conf.d/mod_security2.conf
Your configuration starting point is
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
* CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
* [bnc#768293] multi-part bypass, minor threat
* CVE-2013-1915 [bnc#813190] XML external entity vulnerability
* CVE-2012-4528 [bnc#789393] rule bypass
* CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
* GPLv2 replaced by Apache License v2
* rules are not part of the source tarball any longer, but
maintaned upstream externally, and included in this package.
* documentation was externalized to a wiki. Package contains
the FAQ and the reference manual in html form.
* renamed the term "Encryption" in directives that actually refer
to hashes. See CHANGES file for more details.
* new directive SecXmlExternalEntity, default off
* byte conversion issues on s390x when logging fixed.
* many small issues fixed that were discovered by a Coverity scanner
* updated reference manual

Fixed bugs
VUL-0: CVE-2013-1915: apache2-mod_security2 (X < 2.7.3): Vulnerable to XXE attacks
VUL-0: apache2-mod_security2: multi-part bypass
VUL-0: CVE-2013-2765: apache2-mod_security2: Remote Null Pointer Dereference
VUL-0: CVE-2012-4528: apache2-mod_security: multipart/invalid part ruleset bypass
Selected Binaries