Overview

File _patchinfo of Package patchinfo.1524

<patchinfo>
  <issue id="777260" tracker="bnc">VUL-1: CVE-2012-2687: apache2: mod_negotiation Cross-Site Scripting (XSS)</issue>
  <issue id="806458" tracker="bnc">VUL-1: CVE-2012-3499: apache2: multiple XSS flaws due to unescaped hostnames</issue>
  <issue id="798733" tracker="bnc">SSL module does not do the case insensitive URI comparison</issue>
  <issue id="807152" tracker="bnc">VUL-1: CVE-2012-4558: apache2: XSS in mod_proxy_balancer</issue>
  <issue id="CVE-2012-4558" tracker="cve" />
  <issue id="CVE-2012-2687" tracker="cve" />
  <issue id="CVE-2012-3499" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>draht</packager>
  <description>
apache2 was updated to fix:

- fix for cross site scripting vulnerability in mod_balancer. This is
  CVE-2012-4558 [bnc#807152]
- fixes for low profile cross site scripting vulnerabilities,
  known as CVE-2012-3499 [bnc#806458]

- Escape filename for the case that uploads are allowed with untrusted
  user's control over filenames and mod_negotiation enabled on the
  same directory. CVE-2012-2687 [bnc#777260]

And also these bugs:
- httpd-2.2.x-bnc798733-SNI_ignorecase.diff: ignore case when
  checking against SNI server names. [bnc#798733]
</description>
  <summary>apache2: security and bugfixes</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places