Bug 15196

Summary: apache new security issue CVE-2014-3583
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/635281/
Whiteboard:
Source RPM: apache-2.4.10-11.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-02-03 19:37:13 CET 
Apache 2.4.12 has been announced on January 29:
http://www.apache.org/dist/httpd/Announcement2.4.html

It fixes four security issues, three of which we have already previously fixed.

CVE-2014-3583 is the new one:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583

According to the RedHat bug, only 2.4.10 is affected:
https://bugzilla.redhat.com/show_bug.cgi?id=1163555

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-04 16:15:43 CET 
Fixed in apache-2.4.10-12.mga5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-03-02 22:36:50 CET

URL: (none) => http://lwn.net/Vulnerabilities/635281/