From 7c0dc3ccb32ee21000826c2c5038c4a6f0b5e444 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 7 May 2024 06:32:01 +0200
Subject: Adding debian version 2.4.38-3+deb10u10.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/changelog | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'debian/changelog')

diff --git a/debian/changelog b/debian/changelog
index c5cbe51..ee0857b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+apache2 (2.4.38-3+deb10u10) buster-security; urgency=medium
+
+  * Non-maintainer upload by the LTS Team.
+  * CVE-2023-27522: HTTP Response Smuggling in mod_proxy_uwsgi
+    (Closes: #1032476)
+  * CVE-2023-25690: Some mod_proxy configurations allow a HTTP
+    Request Smuggling attack. Configurations are affected
+    when mod_proxy is enabled along with some form of RewriteRule
+    or ProxyPassMatch in which a non-specific pattern matches
+    some portion of the user-supplied request-target (URL)
+    data and is then re-inserted into the proxied request-target
+    using variable substitution. (Closes: #1032476)
+  * Backport perl-framework testsuite from sid
+  * Backport regression fix for CVE-2023-25690
+
+ -- Bastien Roucariès <rouca@debian.org>  Fri, 21 Apr 2023 22:01:00 +0000
+
 apache2 (2.4.38-3+deb10u9) buster-security; urgency=medium
 
   * Non-maintainer upload by the LTS Team.
-- 
cgit v1.2.3