Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers

["Adam Conrad" <adconrad@0c3.net>]

Steve Kemp wrote:
>
> Can I be the first to say that I don't understand the nature of this
> issue?

The description sounds reasonably straightforward, though I'd classify
this as a vulnerability of pretty low importance, from a "will people be
exploited by this" viewpoint.

> Is this also present in 2.0.54 which is the latest stable release?
> There's no mention of it in the changelog there..

It looks like it's in 2.0.54, and there's a backport in SVN for the 2.0.55
release, but the backport looks more like a massive feature backport, not
just a small security patch, so I may look at if there's a way to fix this
a bit less intrusively.

Actually, it's worth nothing that we muck with Content-Length at another
point, thanks to a Debian-specific patch, so we may accidentally not be
vulnerable to this anyway.  I'll follow the code around a little later
today and see if that's the case.

... Adam