Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 20 insertions, 0 deletions

diff --git a/debian/patches/CVE-2021-31618.patch b/debian/patches/CVE-2021-31618.patch
new file mode 100644
index 0000000..12d59c8
--- /dev/null
+++ b/debian/patches/CVE-2021-31618.patch
@@ -0,0 +1,20 @@
+Description: fix NULL pointer dereference on specially crafted HTTP/2 request
+Author: Upstream
+Origin: upstream, http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
+Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
+Bug-Debian: https://bugs.debian.org/989562
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-06-10
+
+--- a/modules/http2/h2_stream.c
++++ b/modules/http2/h2_stream.c
+@@ -638,7 +638,7 @@
+ 
+ static void set_error_response(h2_stream *stream, int http_status)
+ {
+-    if (!h2_stream_is_ready(stream)) {
++    if (!h2_stream_is_ready(stream) && stream->rtmp) {
+         conn_rec *c = stream->session->c;
+         apr_bucket *b;
+         h2_headers *response;