From 7c0dc3ccb32ee21000826c2c5038c4a6f0b5e444 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Tue, 7 May 2024 06:32:01 +0200 Subject: Adding debian version 2.4.38-3+deb10u10. Signed-off-by: Daniel Baumann --- .../patches/0057-CVE-2023-25690-Regression-3.patch | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 debian/patches/0057-CVE-2023-25690-Regression-3.patch (limited to 'debian/patches/0057-CVE-2023-25690-Regression-3.patch') diff --git a/debian/patches/0057-CVE-2023-25690-Regression-3.patch b/debian/patches/0057-CVE-2023-25690-Regression-3.patch new file mode 100644 index 0000000..431f145 --- /dev/null +++ b/debian/patches/0057-CVE-2023-25690-Regression-3.patch @@ -0,0 +1,24 @@ +From 1a4aac3d209f4314bcb511d73cf12f8c25c8c984 Mon Sep 17 00:00:00 2001 +From: Eric Covener +Date: Sat, 11 Mar 2023 21:29:11 +0000 +Subject: [PATCH] followup to r1908296: only for redirects + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908299 13f79535-47bb-0310-9956-ffa450edef68 +--- + modules/mappers/mod_rewrite.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +Index: apache2/modules/mappers/mod_rewrite.c +=================================================================== +--- apache2.orig/modules/mappers/mod_rewrite.c ++++ apache2/modules/mappers/mod_rewrite.c +@@ -4708,8 +4708,7 @@ static int hook_uri2file(request_rec *r) + unsigned skip_absolute = is_absolute_uri(r->filename, NULL); + apr_size_t flen = r->filename ? strlen(r->filename) : 0; + int to_proxyreq = (flen > 6 && strncmp(r->filename, "proxy:", 6) == 0); +- int will_escape = (to_proxyreq || skip_absolute) +- && (rulestatus != ACTION_NOESCAPE); ++ int will_escape = skip_absolute && (rulestatus != ACTION_NOESCAPE); + + if (r->args + && !will_escape -- cgit v1.2.3