diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
commit | 1221c736f9a90756d47ea6d28320b6b83602dd2a (patch) | |
tree | b453ba7b1393205258c9b098a773b4330984672f /debian/patches/CVE-2021-31618.patch | |
parent | Adding upstream version 2.4.38. (diff) | |
download | apache2-debian/2.4.38-3+deb10u8.tar.xz apache2-debian/2.4.38-3+deb10u8.zip |
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2021-31618.patch')
-rw-r--r-- | debian/patches/CVE-2021-31618.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-31618.patch b/debian/patches/CVE-2021-31618.patch new file mode 100644 index 0000000..12d59c8 --- /dev/null +++ b/debian/patches/CVE-2021-31618.patch @@ -0,0 +1,20 @@ +Description: fix NULL pointer dereference on specially crafted HTTP/2 request +Author: Upstream +Origin: upstream, http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759 +Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 +Bug-Debian: https://bugs.debian.org/989562 +Forwarded: not-needed +Reviewed-By: Yadd <yadd@debian.org> +Last-Update: 2021-06-10 + +--- a/modules/http2/h2_stream.c ++++ b/modules/http2/h2_stream.c +@@ -638,7 +638,7 @@ + + static void set_error_response(h2_stream *stream, int http_status) + { +- if (!h2_stream_is_ready(stream)) { ++ if (!h2_stream_is_ready(stream) && stream->rtmp) { + conn_rec *c = stream->session->c; + apr_bucket *b; + h2_headers *response; |