1 files changed, 27 insertions, 0 deletions

diff --git a/debian/patches/CVE-2019-0196.patch b/debian/patches/CVE-2019-0196.patch
new file mode 100644
index 0000000..eaec989
--- /dev/null
+++ b/debian/patches/CVE-2019-0196.patch
@@ -0,0 +1,27 @@
+From 8de3c6f2a0df79d1476c89ec480a96f9282cea28 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <icing@apache.org>
+Date: Tue, 5 Feb 2019 11:52:28 +0000
+Subject: [PATCH] Merge of r1852986 from trunk:
+
+mod_http2: disentangelment of stream and request method.
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1852989 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/http2/h2_request.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
+index 8899c4feb75..5ee88e9679f 100644
+--- a/modules/http2/h2_request.c
++++ b/modules/http2/h2_request.c
+@@ -266,7 +266,7 @@ request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c)
+     
+     /* Time to populate r with the data we have. */
+     r->request_time = req->request_time;
+-    r->method = req->method;
++    r->method = apr_pstrdup(r->pool, req->method);
+     /* Provide quick information about the request method as soon as known */
+     r->method_number = ap_method_number_of(r->method);
+     if (r->method_number == M_GET && r->method[0] == 'H') {