Univention Bugzilla – Bug 55206
mod-wsgi: Multiple issues (5.0)
Last modified: 2022-09-21 17:07:52 CEST
New Debian mod-wsgi 4.6.5-1+deb10u1 fixes: This update addresses the following issue: * Trusted Proxy Headers Removing Bypass (CVE-2022-2255)
--- mirror/ftp/pool/main/m/mod-wsgi/mod-wsgi_4.6.5-1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/mod-wsgi_4.6.5-1+deb10u1.dsc @@ -1,3 +1,9 @@ +4.6.5-1+deb10u1 [Mon, 12 Sep 2022 23:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-2255 + drop X-Client-IP header when is not a trusted header + 4.6.5-1 [Sun, 03 Feb 2019 00:30:51 +0100] Bernd Zeimetz <bzed@debian.org>: [ Ondřej Nový ] <http://piuparts.knut.univention.de/5.0-2/#436421514266138073>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x428>