ModSecurity upstream has released version 2.7.3:
[1] https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
correcting one security flaw (from [2]):
"It was reported that the XML files parser of ModSecurity,
a security module for the Apache HTTP Server, was vulnerable
to XML External Entity attacks. A remote attacker could
provide a specially-crafted XML file that, when processed
might lead to local files disclosure or, potentially,
excessive resources (memory, CPU) consumption."
References:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=947842
[3] https://bugs.gentoo.org/show_bug.cgi?id=464188
[4] https://secunia.com/advisories/52847/
Relevant upstream patch (seems to be the following):
[5] https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
Could you allocate a CVE id [*] for this?
Thank you && Regards, Jan.