From 1221c736f9a90756d47ea6d28320b6b83602dd2a Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 7 May 2024 04:04:07 +0200
Subject: Adding debian version 2.4.38-3+deb10u8.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/patches/CVE-2021-26690.patch | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 debian/patches/CVE-2021-26690.patch

(limited to 'debian/patches/CVE-2021-26690.patch')

diff --git a/debian/patches/CVE-2021-26690.patch b/debian/patches/CVE-2021-26690.patch
new file mode 100644
index 0000000..72c7457
--- /dev/null
+++ b/debian/patches/CVE-2021-26690.patch
@@ -0,0 +1,20 @@
+Description: <short summary of the patch>
+Author: Apache authors
+Origin: upstream, https://github.com/apache/httpd/commit/67bd9bfe
+Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
+Forwarded: not-needed
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2021-06-10
+
+--- a/modules/session/mod_session.c
++++ b/modules/session/mod_session.c
+@@ -392,8 +392,8 @@
+         char *plast = NULL;
+         const char *psep = "=";
+         char *key = apr_strtok(pair, psep, &plast);
+-        char *val = apr_strtok(NULL, psep, &plast);
+         if (key && *key) {
++	    char *val = apr_strtok(NULL, sep, &plast);
+             if (!val || !*val) {
+                 apr_table_unset(z->entries, key);
+             }
-- 
cgit v1.2.3