File _patchinfo of Package patchinfo

<patchinfo>
  <issue tracker="cve" id="CVE-2013-6438"/>
  <issue tracker="cve" id="CVE-2014-0098"/>
  <issue tracker="cve" id="CVE-2014-0226"/>
  <issue tracker="cve" id="CVE-2014-0231"/>
  <issue tracker="bnc" id="869105"/>
  <issue tracker="bnc" id="869106"/>
  <issue tracker="bnc" id="887765"/>
  <issue tracker="bnc" id="887768"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>draht</packager>
  <description>This apache2 update fixes the following security issues:

- CRIME types of attack, based on size and timing analysis of compressed
  content, are now mitigated by the new SSLCompression directive, set to
  "no" in /etc/apache2/ssl-global.conf
- ssl-global.conf: SSLHonorCipherOrder set to on
- SSLCipherSuite updates to vhosts.d/vhost-ssl.template and 
  apache2-default-vhost-ssl.conf
- new config option CGIDScriptTimeout set to 60s in new file 
  conf.d/cgid-timeout.conf, preventing worker processes hanging forever 
  if a cgi launched from them has stopped reading input from the server.
  (bnc#887768, CVE-2014-0231)
- fix for mod_status race condition in scoreboard handling and 
  consecutive heap overflow and information disclosure if access to 
  mod_status is granted to a potential attacker. (bnc#887765, 
  CVE-2014-0226)
- fixed improperly handled whitespace characters in CDATA sections of 
  requests to mod_dav can lead to a crash, resulting in a DoS against 
  the server. (bnc#869105, CVE-2013-6438)
- fix for crash in parsing cookie content, resulting in a DoS against 
  the server. (bnc#869106, CVE-2014-0098)
</description>
  <summary>update for apache2</summary>
</patchinfo>