diff options
Diffstat (limited to 'debian/patches/CVE-2021-26690.patch')
| -rw-r--r-- | debian/patches/CVE-2021-26690.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-26690.patch b/debian/patches/CVE-2021-26690.patch new file mode 100644 index 0000000..72c7457 --- /dev/null +++ b/debian/patches/CVE-2021-26690.patch @@ -0,0 +1,20 @@ +Description: <short summary of the patch> +Author: Apache authors +Origin: upstream, https://github.com/apache/httpd/commit/67bd9bfe +Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690 +Forwarded: not-needed +Reviewed-By: Yadd <yadd@debian.org> +Last-Update: 2021-06-10 + +--- a/modules/session/mod_session.c ++++ b/modules/session/mod_session.c +@@ -392,8 +392,8 @@ + char *plast = NULL; + const char *psep = "="; + char *key = apr_strtok(pair, psep, &plast); +- char *val = apr_strtok(NULL, psep, &plast); + if (key && *key) { ++ char *val = apr_strtok(NULL, sep, &plast); + if (!val || !*val) { + apr_table_unset(z->entries, key); + } |