[Git][security-tracker-team/security-tracker][master] CVE-2021-40438/apache2: clarify patches + re-order regression fixes

Thu, 30 Sep 2021 08:24:41 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bffb81a1 by Sylvain Beucler at 2021-09-30T17:20:26+02:00
CVE-2021-40438/apache2: clarify patches + re-order regression fixes
Cf. https://bugzilla.suse.com/show_bug.cgi?id=1190703#c1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3095,10 +3095,10 @@ CVE-2021-40439
 CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the 
request  ...)
        - apache2 2.4.49-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
-       NOTE: 
https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 
(2.4.x)
-       NOTE: 
https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 
(2.4.x)
-       NOTE: Regression fix: 
https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c 
(2.4.x)
-       NOTE: Second regression fix: 
https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f 
(2.4.x)
+       NOTE: Minimal fix: 
https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 
(2.4.x)
+       NOTE: Future-proof follow-up: 
https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 
(2.4.x)
+       NOTE: Regression fix #1: 
https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f 
(2.4.x)
+       NOTE: Regression fix #2: 
https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c 
(2.4.x)
 CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate 
addresses ...)
        - inetutils 2:2.2-1 (bug #993476)
        [bullseye] - inetutils <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bffb81a16bdd0fb3f549078b48f1b10114b3eb2c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bffb81a16bdd0fb3f549078b48f1b10114b3eb2c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to