summaryrefslogtreecommitdiffstats
path: root/debian/patches/0054-CVE-2023-25690-2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/0054-CVE-2023-25690-2.patch')
-rw-r--r--debian/patches/0054-CVE-2023-25690-2.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/debian/patches/0054-CVE-2023-25690-2.patch b/debian/patches/0054-CVE-2023-25690-2.patch
deleted file mode 100644
index 978be78..0000000
--- a/debian/patches/0054-CVE-2023-25690-2.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8b93a6512f14f5f68887ddfe677e91233ed79fb0 Mon Sep 17 00:00:00 2001
-From: Ruediger Pluem <rpluem@apache.org>
-Date: Mon, 6 Mar 2023 10:00:09 +0000
-Subject: [PATCH] [2/2] Fix CVE-2023-25690: HTTP Request Smuggling in mod_proxy*
-
-* modules/http2/mod_proxy_http2.c: Fix missing APLOGNO.
-
-Submitted by: jorton
-Reviewed by: rpluem
-
-Note: mod_proxy_http2 is CTR on 2.4.x.
-
-bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
-bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
-bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-25690
-origin: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908118 13f79535-47bb-0310-9956-ffa450edef68
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908118 13f79535-47bb-0310-9956-ffa450edef68
----
- modules/http2/mod_proxy_http2.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/http2/mod_proxy_http2.c b/modules/http2/mod_proxy_http2.c
-index aa299b937a5..2a9967e5d57 100644
---- a/modules/http2/mod_proxy_http2.c
-+++ b/modules/http2/mod_proxy_http2.c
-@@ -163,7 +163,7 @@ static int proxy_http2_canon(request_rec *r, char *url)
- * We have a raw control character or a ' ' in r->args.
- * Correct encoding was missed.
- */
-- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO()
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10412)
- "To be forwarded query string contains control "
- "characters or spaces");
- return HTTP_FORBIDDEN;
-