File _patchinfo of Package patchinfo.310

<patchinfo incident="310">
  <packager>draht</packager>
  <issue tracker="cve" id="CVE-2013-5705"></issue>
  <issue tracker="bnc" id="871309">VUL-0: CVE-2013-5705: apache2-mod_security2: bypass of intended rules via chunked requests</issue>
  <issue tracker="cve" id="CVE-2013-6438"></issue>
  <issue tracker="cve" id="CVE-2014-0098"></issue>
  <issue tracker="cve" id="CVE-2014-0226"></issue>
  <issue tracker="cve" id="CVE-2014-0231"></issue>
  <issue tracker="bnc" id="859916">Support ECDH in Apache2</issue>
  <issue tracker="bnc" id="869105">VUL-1: CVE-2013-6438: apache2: mod_dav denial of service</issue>
  <issue tracker="bnc" id="869106">L3: VUL-1: CVE-2014-0098: apache2: log_cookie mod_log_config.c remote denial of service</issue>
  <issue tracker="bnc" id="887765">VUL-0: CVE-2014-0226: apache2:  mod_status heap-based buffer overflow</issue>
  <issue tracker="bnc" id="887768">VUL-0: CVE-2014-0231: apache2: mod_cgid denial of service</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226</summary>
  <description>apache2:
- ECC support was added to mod_ssl
- fix for a race condition in mod_status known as CVE-2014-0226 that can lead to information disclosure; mod_status is not active by default, and is normally only open to connections from localhost.
- fix for a bug known as CVE-2014-0098 that can crash the apache process if a specially crafted cookie is sent to the server (log_cookie.c)
- fix for crash bug in mod_dav known as CVE-2013-6438
- fix for a problem with non-responsive CGI scripts that would otherwise cause the server to stall and deny service (CVE-2014-0231); the new configuration parameter CGIDScriptTimeout defaults to 60s.

apache2-mod_security2:
- specially crafted chunked HTTP requests allow an attacker to bypass filters configured in mod_security2. This vulnerability is known as CVE-2013-5705.
  </description>
</patchinfo>