diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:29 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:29 +0000 |
| commit | bc9388be5e541fa5aeae9ee8f74cf1384e0aa2f2 (patch) | |
| tree | a9acb2f667672646886604a0347dcb7eb6d57ae7 /debian/patches/0054-CVE-2023-25690-2.patch | |
| parent | Merging upstream version 2.4.59. (diff) | |
| download | apache2-bc9388be5e541fa5aeae9ee8f74cf1384e0aa2f2.tar.xz apache2-bc9388be5e541fa5aeae9ee8f74cf1384e0aa2f2.zip | |
Merging debian version 2.4.59-1~deb10u1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/0054-CVE-2023-25690-2.patch')
| -rw-r--r-- | debian/patches/0054-CVE-2023-25690-2.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/debian/patches/0054-CVE-2023-25690-2.patch b/debian/patches/0054-CVE-2023-25690-2.patch deleted file mode 100644 index 978be78..0000000 --- a/debian/patches/0054-CVE-2023-25690-2.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 8b93a6512f14f5f68887ddfe677e91233ed79fb0 Mon Sep 17 00:00:00 2001 -From: Ruediger Pluem <rpluem@apache.org> -Date: Mon, 6 Mar 2023 10:00:09 +0000 -Subject: [PATCH] [2/2] Fix CVE-2023-25690: HTTP Request Smuggling in mod_proxy* - -* modules/http2/mod_proxy_http2.c: Fix missing APLOGNO. - -Submitted by: jorton -Reviewed by: rpluem - -Note: mod_proxy_http2 is CTR on 2.4.x. - -bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690 -bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476 -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-25690 -origin: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908118 13f79535-47bb-0310-9956-ffa450edef68 -git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908118 13f79535-47bb-0310-9956-ffa450edef68 ---- - modules/http2/mod_proxy_http2.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c -index aa299b937a5..2a9967e5d57 100644 ---- a/modules/http2/mod_proxy_http2.c -+++ b/modules/http2/mod_proxy_http2.c -@@ -163,7 +163,7 @@ static int proxy_http2_canon(request_rec *r, char *url) - * We have a raw control character or a ' ' in r->args. - * Correct encoding was missed. - */ -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412) - "To be forwarded query string contains control " - "characters or spaces"); - return HTTP_FORBIDDEN; - |