Nixpkgs security tracker

Permalink CVE-2014-0242

created 2 months ago Activity log

Created suggestion 2 months ago

mod_wsgi module before 3.4 for Apache, when used in embedded …

mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.

References

http://www.openwall.com/lists/oss-security/2014/05/21/1 x_transferredx_refsource_MISC
http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html x_transferredx_refsource_MISC
http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html x_transferredx_refsource_MISC
http://www.securityfocus.com/bid/67534 x_transferredx_refsource_MISC

Affected products

mod_wsgi

==before 3.4

Matching in nixpkgs

pkgs.apacheHttpdPackages.mod_wsgi3

Host Python applications in Apache through the WSGI interface

nixos-unstable 5.0.2
- nixpkgs-unstable 5.0.2
- nixos-unstable-small 5.0.2
nixos-25.11 5.0.2
- nixos-25.11-small 5.0.2
- nixpkgs-25.11-darwin 5.0.2

pkgs.apacheHttpdPackages_2_4.mod_wsgi3