And then, obviously, I forget the patch.

Sorry for the noise.

-- 
The secret of life is to have no fear; it's the only way to function.
                        - Stokely Carmichael
diff -Nru apache2-2.2.22/debian/changelog apache2-2.2.22/debian/changelog
--- apache2-2.2.22/debian/changelog	2017-07-17 03:50:16.000000000 -0400
+++ apache2-2.2.22/debian/changelog	2017-07-19 14:12:44.000000000 -0400
@@ -1,3 +1,12 @@
+apache2 (2.2.22-13+deb7u11) UNRELEASED; urgency=high
+
+  * Non-maintainer upload by the LTS Security Team.
+  * fix regression introduced in 2.2.22-13+deb7u8 that re-introduced
+    something like CVE-2015-0253 when fixing CVE-2016-8743 (Closes:
+    #858373)
+
+ -- Antoine Beaupré <anar...@debian.org>  Wed, 19 Jul 2017 14:12:44 -0400
+
 apache2 (2.2.22-13+deb7u10) wheezy-security; urgency=high
 
   * CVE-2017-9788: The value placeholder in [Proxy-]Authorization headers of
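Review bot: the distribution field in the new changelog entry still reads UNRELEASED, so this will not be accepted into the wheezy-security queue as-is; switch it to wheezy-security before uploading, matching the deb7u10 entry just below. The entry also describes the problem as "something like CVE-2015-0253" while the patch header below calls it "similar, but not directly related"; pick one wording so the changelog and the DEP-3 header tell the same story about what this fixes.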
diff -Nru apache2-2.2.22/debian/patches/CVE-2016-8743-regression.patch apache2-2.2.22/debian/patches/CVE-2016-8743-regression.patch
--- apache2-2.2.22/debian/patches/CVE-2016-8743-regression.patch	1969-12-31 19:00:00.000000000 -0500
+++ apache2-2.2.22/debian/patches/CVE-2016-8743-regression.patch	2017-07-19 14:12:44.000000000 -0400
@@ -0,0 +1,23 @@
+Description: fix regression introduced in CVE-2016-8743
+ The messy CVE-2016-8743 patchset introduced an error in protocol
+ initialization in some error cases. This makes sure that invalid
+ requests doesn't segfault apache.
+ .
+ This is similar, but not directly related to CVE-2015-0253.
+Origin: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/protocol.c?r1=1642403&r2=1668879&pathrev=1668879&view=patch
+Bug-Debian: 858373
+Forwarded: not-needed
+Author: Antoine Beaupré
+Last-update: 2017-07-19
+
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -637,6 +637,8 @@ static int read_request_line(request_rec
+             else if (APR_STATUS_IS_EINVAL(rv)) {
+                 r->status = HTTP_BAD_REQUEST;
+             }
++            r->proto_num = HTTP_VERSION(1,0);
++            r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             return 0;
+         }
+     } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
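Review bot: the two added lines only initialize r->proto_num and r->protocol on the error return; they do not ensure r->status has been set on every path that reaches this `return 0`. Only the `else if (APR_STATUS_IS_EINVAL(rv))` branch is visible here, so please confirm the preceding branches set r->status as well, otherwise the caller still gets back a request with a zero status alongside the now-valid protocol fields. Two header nits: the DEP-3 field is spelled "Last-Update", not "Last-update", and "invalid requests doesn't segfault" should read "don't segfault". Since Origin points at the 2.4.x branch, a sentence stating that the hunk was hand-applied to the 2.2 read_request_line would help the next LTS maintainer verify the backport.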
diff -Nru apache2-2.2.22/debian/patches/series apache2-2.2.22/debian/patches/series
--- apache2-2.2.22/debian/patches/series	2017-07-17 03:50:33.000000000 -0400
+++ apache2-2.2.22/debian/patches/series	2017-07-19 14:12:44.000000000 -0400
@@ -61,3 +61,4 @@
 CVE-2017-7668.patch
 CVE-2017-7669.patch
 CVE-2017-9788.patch
+CVE-2016-8743-regression.patch
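Review bot: appending the regression patch at the very end of series is correct only if its context (`@@ -637,6 +637,8 @@` in server/protocol.c) was generated against the tree with all preceding patches, including CVE-2016-8743.patch, already applied; please confirm `quilt push -a` applies it without fuzz in that position, since the hunk offsets are taken from a file the earlier CVE patches modify.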
