diff options
Diffstat (limited to '')
| -rw-r--r-- | debian/changelog | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index c5cbe51..ee0857b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +apache2 (2.4.38-3+deb10u10) buster-security; urgency=medium + + * Non-maintainer upload by the LTS Team. + * CVE-2023-27522: HTTP Response Smuggling in mod_proxy_uwsgi + (Closes: #1032476) + * CVE-2023-25690: Some mod_proxy configurations allow a HTTP + Request Smuggling attack. Configurations are affected + when mod_proxy is enabled along with some form of RewriteRule + or ProxyPassMatch in which a non-specific pattern matches + some portion of the user-supplied request-target (URL) + data and is then re-inserted into the proxied request-target + using variable substitution. (Closes: #1032476) + * Backport perl-framework testsuite from sid + * Backport regression fix for CVE-2023-25690 + + -- Bastien Roucariès <rouca@debian.org> Fri, 21 Apr 2023 22:01:00 +0000 + apache2 (2.4.38-3+deb10u9) buster-security; urgency=medium * Non-maintainer upload by the LTS Team. |