Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1
From: Tobias Frost <tobi@debian.org>
Date: Thu, 19 Jan 2023 20:47:08 +0100
Message-id: <[🔎] 167415762866.197645.4485649210838423789.reportbug@isildor.loewenhoehle.ip>
Reply-to: Tobias Frost <tobi@debian.org>, 1029217@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libapreq2@packages.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Control: affects -1 + src:libapreq2

I've uploaded prepared an security update of libapreq2 for LTS and ELTS.
The proposed upload fixes the CVE also for bullseye.

CVE-2022-22728:

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer
overflow while processing multipart form uploads. A remote attacker could send
a request causing a process crash which could lead to a denial of service
attack.

I've conducted tests with e.g the reverse dependency rapache (libapache2-mod-r-base)

--
tobi

Reply to:

Prev by Date: Processed: Re: Bug#1028592: Info received (Bug#1028592: Acknowledgement (tagcoll2 2.0.14-2 fails to build on sid))
Next by Date: cdist is marked for autoremoval from testing
Previous by thread: log4c_1.2.4-3_source.changes ACCEPTED into unstable
Next by thread: cdist is marked for autoremoval from testing
Index(es):
- Date
- Thread