diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 04:32:01 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 04:32:01 +0000 |
| commit | 7c0dc3ccb32ee21000826c2c5038c4a6f0b5e444 (patch) | |
| tree | 408acec04220bfabbe9b06ad015775f694851a6e /debian/patches/0054-CVE-2023-25690-2.patch | |
| parent | Adding debian version 2.4.38-3+deb10u9. (diff) | |
| download | apache2-7c0dc3ccb32ee21000826c2c5038c4a6f0b5e444.tar.xz apache2-7c0dc3ccb32ee21000826c2c5038c4a6f0b5e444.zip | |
Adding debian version 2.4.38-3+deb10u10.debian/2.4.38-3+deb10u10
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/0054-CVE-2023-25690-2.patch')
| -rw-r--r-- | debian/patches/0054-CVE-2023-25690-2.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/debian/patches/0054-CVE-2023-25690-2.patch b/debian/patches/0054-CVE-2023-25690-2.patch new file mode 100644 index 0000000..978be78 --- /dev/null +++ b/debian/patches/0054-CVE-2023-25690-2.patch @@ -0,0 +1,35 @@ +From 8b93a6512f14f5f68887ddfe677e91233ed79fb0 Mon Sep 17 00:00:00 2001 +From: Ruediger Pluem <rpluem@apache.org> +Date: Mon, 6 Mar 2023 10:00:09 +0000 +Subject: [PATCH] [2/2] Fix CVE-2023-25690: HTTP Request Smuggling in mod_proxy* + +* modules/http2/mod_proxy_http2.c: Fix missing APLOGNO. + +Submitted by: jorton +Reviewed by: rpluem + +Note: mod_proxy_http2 is CTR on 2.4.x. + +bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690 +bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476 +bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-25690 +origin: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908118 13f79535-47bb-0310-9956-ffa450edef68 +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908118 13f79535-47bb-0310-9956-ffa450edef68 +--- + modules/http2/mod_proxy_http2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c +index aa299b937a5..2a9967e5d57 100644 +--- a/modules/http2/mod_proxy_http2.c ++++ b/modules/http2/mod_proxy_http2.c +@@ -163,7 +163,7 @@ static int proxy_http2_canon(request_rec *r, char *url) + * We have a raw control character or a ' ' in r->args. + * Correct encoding was missed. + */ +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412) + "To be forwarded query string contains control " + "characters or spaces"); + return HTTP_FORBIDDEN; + |