Adding debian version 2.4.38-3+deb10u10.debian/2.4.38-3+deb10u10

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 17 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index c5cbe51..ee0857b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+apache2 (2.4.38-3+deb10u10) buster-security; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2023-27522: HTTP Response Smuggling in mod_proxy_uwsgi
+    (Closes: #1032476)
+  * CVE-2023-25690: Some mod_proxy configurations allow a HTTP
+    Request Smuggling attack. Configurations are affected
+    when mod_proxy is enabled along with some form of RewriteRule
+    or ProxyPassMatch in which a non-specific pattern matches
+    some portion of the user-supplied request-target (URL)
+    data and is then re-inserted into the proxied request-target
+    using variable substitution. (Closes: #1032476)
+  * Backport perl-framework testsuite from sid
+  * Backport regression fix for CVE-2023-25690
+
+ -- Bastien Roucariès <rouca@debian.org>  Fri, 21 Apr 2023 22:01:00 +0000
+
 apache2 (2.4.38-3+deb10u9) buster-security; urgency=medium
 
   * Non-maintainer upload by the LTS Team.