Bug#1078733: bullseye-pu: package apache2/2.4.62-1~deb11u1

To: Yadd <yadd@debian.org>, 1078733@bugs.debian.org
Subject: Bug#1078733: bullseye-pu: package apache2/2.4.62-1~deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 15 Aug 2024 17:28:29 +0100
Message-id: <[🔎] 593ca365e62c785adc51f834058e67554ff65a8c.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1078733@bugs.debian.org
In-reply-to: <[🔎] 172368477600.57237.410047485710515477.reportbug@yadd-217.xnr.fr>
References: <[🔎] 172368477600.57237.410047485710515477.reportbug@yadd-217.xnr.fr> <[🔎] 172368477600.57237.410047485710515477.reportbug@yadd-217.xnr.fr>

Control: tags -1 + confirmed

On Thu, 2024-08-15 at 05:19 +0400, Yadd wrote:
> Same as #1076531 but for Bullseye
> 
> [ Reason ]
> Apache2 was updated to 2.4.61 due to 8 CVEs. However "a partial fix
> for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores
> some use of the legacy content-type based configuration of handlers.
> "AddType" and similar configuration, under some circumstances where
> files are requested indirectly, result in source code disclosure of
> local content. For example, PHP scripts may be served instead of
> interpreted".

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1078733: bullseye-pu: package apache2/2.4.62-1~deb11u1
  - From: Yadd <yadd@debian.org>

Prev by Date: Bug#1076531: bookworm-pu: package apache2/2.4.62-1~deb12u1
Next by Date: Processed: Re: Bug#1078733: bullseye-pu: package apache2/2.4.62-1~deb11u1
Previous by thread: Processed: bullseye-pu: package apache2/2.4.62-1~deb11u1
Next by thread: Processed: Re: Bug#1078733: bullseye-pu: package apache2/2.4.62-1~deb11u1
Index(es):
- Date
- Thread