diff options
Diffstat (limited to 'debian/patches/CVE-2021-31618.patch')
| -rw-r--r-- | debian/patches/CVE-2021-31618.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-31618.patch b/debian/patches/CVE-2021-31618.patch new file mode 100644 index 0000000..12d59c8 --- /dev/null +++ b/debian/patches/CVE-2021-31618.patch @@ -0,0 +1,20 @@ +Description: fix NULL pointer dereference on specially crafted HTTP/2 request +Author: Upstream +Origin: upstream, http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759 +Bug: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 +Bug-Debian: https://bugs.debian.org/989562 +Forwarded: not-needed +Reviewed-By: Yadd <yadd@debian.org> +Last-Update: 2021-06-10 + +--- a/modules/http2/h2_stream.c ++++ b/modules/http2/h2_stream.c +@@ -638,7 +638,7 @@ + + static void set_error_response(h2_stream *stream, int http_status) + { +- if (!h2_stream_is_ready(stream)) { ++ if (!h2_stream_is_ready(stream) && stream->rtmp) { + conn_rec *c = stream->session->c; + apr_bucket *b; + h2_headers *response; |