Univention Bugzilla – Bug 50392
apache2: Multiple issues (4.4)
Last modified: 2019-10-23 14:59:02 CEST
New Debian apache2 2.4.25-3+deb9u9A~4.4.2.201910210907 fixes: This update addresses the following issue: * limited cross-site scripting in mod_proxy error page (CVE-2019-10092)
--- mirror/ftp/4.4/unmaintained/4.4-2/source/apache2_2.4.25-3+deb9u8A~4.4.1.201908270838.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/apache2_2.4.25-3+deb9u9A~4.4.2.201910210907.dsc @@ -1,9 +1,15 @@ -2.4.25-3+deb9u8A~4.4.1.201908270838 [Tue, 27 Aug 2019 09:00:50 +0200] Univention builddaemon <buildd@univention.de>: +2.4.25-3+deb9u9A~4.4.2.201910210907 [Mon, 21 Oct 2019 09:07:35 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 05-autostart-setting 10-apache2-reload 20-no-proxy + +2.4.25-3+deb9u9 [Sun, 13 Oct 2019 17:43:54 +0200] Stefan Fritsch <sf@debian.org>: + + [ Xavier Guimard ] + * Use correct patch for CVE-2019-10092. This fixes a regression in + mod_proxy_balancer (Closes: #941202) 2.4.25-3+deb9u8 [Mon, 19 Aug 2019 21:25:31 +0200] Stefan Fritsch <sf@debian.org>: <http://10.200.17.11/4.4-2/#5183692429257070872>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-2] ad67cfbc87 Bug #50392: apache2 2.4.25-3+deb9u9A~4.4.2.201910210907 doc/errata/staging/apache2.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.4-2] 26b6706c1b Bug #50392: apache2 2.4.25-3+deb9u9A~4.4.2.201910210907 doc/errata/staging/apache2.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.4/320.html>