Overview

File _patchinfo of Package patchinfo.831

<patchinfo incident="831">
  <packager>pgajdos</packager>
  <issue tracker="bnc" id="775852">apache2-mod_php5: remote code execution due to multiple extension feature of 'AddHandler's</issue>
  <issue tracker="bnc" id="778003">apache2-mod_php5: header CR injection</issue>
  <issue tracker="cve" id="CVE-2011-1398">apache2-mod_php5: header CR injection</issue>
  <issue tracker="cve" id="CVE-2011-4388">apache2-mod_php5: header CR injection</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>php5: harden FilesMatch</summary>
  <description>
  php5 was updated to fix two security issues:
  - use FilesMatch with 'SetHandler' rather than 'AddHandler' [bnc#775852]
Since this update just hardens a configuration to protect weakly
designed web applications, there was no CVE assigned.

  - A HTTP header Carriage-Return injection flaw was fixed (CVE-2011-1398 and CVE-2011-4388 [bnc#778003])
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places