File _patchinfo of Package patchinfo

<patchinfo incident="96">
  <packager>draht</packager>
  <issue tracker="cve" id="CVE-2012-3499"></issue>
  <issue tracker="cve" id="CVE-2012-2687"></issue>
  <issue tracker="cve" id="CVE-2012-4558"></issue>
  <issue tracker="bnc" id="807152">VUL-1: CVE-2012-4558: apache2: XSS in mod_proxy_balancer</issue>
  <issue tracker="bnc" id="798733">SSL module does not do the case insensitive URI comparison</issue>
  <issue tracker="bnc" id="806458">VUL-1: CVE-2012-3499: apache2: multiple XSS flaws due to unescaped hostnames</issue>
  <issue tracker="bnc" id="777260">VUL-1: CVE-2012-2687: apache2: mod_negotiation Cross-Site Scripting (XSS)</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>apache2: security and bugfixes</summary>
  <description>apache2 was updated to fix:

- fix for cross site scripting vulnerability in mod_balancer. This is
  CVE-2012-4558 [bnc#807152]
- fixes for low profile cross site scripting vulnerabilities,
  known as CVE-2012-3499 [bnc#806458]

- Escape filename for the case that uploads are allowed with untrusted
  user's control over filenames and mod_negotiation enabled on the
  same directory. CVE-2012-2687 [bnc#777260]

And also these bugs:
- httpd-2.2.x-bnc798733-SNI_ignorecase.diff: ignore case when
  checking against SNI server names. [bnc#798733]</description>
</patchinfo>