Debian
apache2 package

apache2 2.4.38-3+deb10u8 source package in Debian

Changelog

apache2 (2.4.38-3+deb10u8) buster; urgency=medium

  * Non-maintainer upload.
  * CVE-2022-22719: denial of service in mod_lua via crafted request body.
  * CVE-2022-22720: HTTP request smuggling.
  * CVE-2022-22721: integer overflow leading to buffer overflow write.
  * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
  * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
  * CVE-2022-28614: read beyond bounds via ap_rwrite().
  * CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
  * CVE-2022-29404: Denial of service in mod_lua r:parsebody.
  * CVE-2022-30522: mod_sed denial of service.
  * CVE-2022-30556: Information Disclosure in mod_lua with websockets.
  * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.

 -- Roberto C. Sánchez <email address hidden>  Mon, 20 Jun 2022 15:03:00 -0400

Upload details

Uploaded by:
Debian Apache Maintainers
Uploaded to:
Buster
Original maintainer:
Debian Apache Maintainers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Buster release main httpd

Builds

Downloads

File Size SHA-256 Checksum
apache2_2.4.38-3+deb10u8.dsc 3.2 KiB 756d7b64958ab5bbe1f4526518efdb096fda59418eb7d6a84e704557414bddbc
apache2_2.4.38.orig.tar.gz 8.8 MiB 38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6
apache2_2.4.38-3+deb10u8.debian.tar.xz 1.0 MiB 63d2e8fb0b2a148e1ebddc1ef57d90f97c1478e9dc6127fc8a63e52fd90b0d35

No changes file available.

Binary packages built by this source