Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libapreq2@packages.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Control: affects -1 + src:libapreq2
I've uploaded/prepared a security update of libapreq2 for LTS and ELTS.
The proposed upload fixes the CVE also for bullseye.
CVE-2022-22728:
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer
overflow while processing multipart form uploads. A remote attacker could send
a request causing a process crash which could lead to a denial of service
attack.
I've conducted tests with e.g. the reverse dependency rapache (libapache2-mod-r-base).
--
tobi