Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1

To: Tobias Frost <tobi@debian.org>, 1029217@bugs.debian.org
Subject: Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 04 Feb 2023 19:05:36 +0000
Message-id: <[🔎] d1c09bdfcc242b8a469d86b374e0cb4b6d52c955.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1029217@bugs.debian.org
In-reply-to: <167415762866.197645.4485649210838423789.reportbug@isildor.loewenhoehle.ip>
References: <167415762866.197645.4485649210838423789.reportbug@isildor.loewenhoehle.ip> <167415762866.197645.4485649210838423789.reportbug@isildor.loewenhoehle.ip>

Control: tags -1 + confirmed

On Thu, 2023-01-19 at 20:47 +0100, Tobias Frost wrote:
> I've uploaded prepared an security update of libapreq2 for LTS and
> ELTS.
> The proposed upload fixes the CVE also for bullseye.
> 
> CVE-2022-22728:
> 
> A flaw in Apache libapreq2 versions 2.16 and earlier could cause a
> buffer
> overflow while processing multipart form uploads. A remote attacker
> could send
> a request causing a process crash which could lead to a denial of
> service
> attack.
> 

Please go ahead, with the changes suggested by Salvatore.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#1029320: bullseye-pu: package w3m/0.5.3+git20210102-6+deb11u1
Next by Date: Processed: Re: Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1
Previous by thread: Bug#1029320: bullseye-pu: package w3m/0.5.3+git20210102-6+deb11u1
Next by thread: Processed: Re: Bug#1029217: bullseye-pu: package libapreq2/2.13-7~deb11u1
Index(es):
- Date
- Thread