Univention Bugzilla – Bug 55778
apache2: Multiple issues (5.0)
Last modified: 2023-03-08 16:36:31 CET
New Debian apache2 2.4.38-3+deb10u9A~5.0.3.202303031021 fixes: This update addresses the following issues: 2.4.38-3+deb10u9 (Thu, 02 Mar 2023 15:26:27 +0100) * Non-maintainer upload by the LTS Team. * CVE-2006-20001: Fix error path for "Not" prefix parsing. * CVE-2022-36760: HTTP Requests vulnerability in mod_proxy_ajp * CVE-2022-37436: Early truncation of response headers * CVE-2021-33193: mod_proxy HTTP/2 validation bypass * Add tests from master branch for CVE-2019-0215, CVE-2020-1927 * Update debian/gbp.conf to use the branch "debian/buster" * Add debian/.gitlab-ci.yml
--- mirror/ftp/pool/main/a/apache2/apache2_2.4.38-3+deb10u8A~5.0.2.202209111835.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/apache2_2.4.38-3+deb10u9A~5.0.3.202303031021.dsc @@ -1,7 +1,18 @@ -2.4.38-3+deb10u8A~5.0.2.202209111835 [Sun, 11 Sep 2022 18:36:26 +0200] Univention builddaemon <buildd@univention.de>: +2.4.38-3+deb10u9A~5.0.3.202303031021 [Fri, 03 Mar 2023 10:22:33 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 20-no-proxy + +2.4.38-3+deb10u9 [Thu, 02 Mar 2023 15:26:27 +0100] Lee Garrett <debian@rocketjump.eu>: + + * Non-maintainer upload by the LTS Team. + * CVE-2006-20001: Fix error path for "Not" prefix parsing. + * CVE-2022-36760: HTTP Requests vulnerability in mod_proxy_ajp + * CVE-2022-37436: Early truncation of response headers + * CVE-2021-33193: mod_proxy HTTP/2 validation bypass + * Add tests from master branch for CVE-2019-0215, CVE-2020-1927 + * Update debian/gbp.conf to use the branch "debian/buster" + * Add debian/.gitlab-ci.yml 2.4.38-3+deb10u8 [Mon, 20 Jun 2022 15:03:00 -0400] Roberto C. Sánchez <roberto@debian.org>: <http://piuparts.knut.univention.de/5.0-3/#6840710909797310916>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-3] 7a20f60ca0 Bug #55778: apache2 2.4.38-3+deb10u9A~5.0.3.202303031021 doc/errata/staging/apache2.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) [5.0-3] ba32719c06 Bug #55778: apache2 2.4.38-3+deb10u9A~5.0.3.202303031021 doc/errata/staging/apache2.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x602>