Changelog
apache2 (2.4.38-3+deb10u8) buster; urgency=medium
* Non-maintainer upload.
* CVE-2022-22719: denial of service in mod_lua via crafted request body.
* CVE-2022-22720: HTTP request smuggling.
* CVE-2022-22721: integer overflow leading to buffer overflow write.
* CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
* CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
* CVE-2022-28614: read beyond bounds via ap_rwrite().
* CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
* CVE-2022-29404: Denial of service in mod_lua r:parsebody.
* CVE-2022-30522: mod_sed denial of service.
* CVE-2022-30556: Information Disclosure in mod_lua with websockets.
* CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
-- Roberto C. Sánchez <email address hidden> Mon, 20 Jun 2022 15:03:00 -0400