Package: libapreq2 / 2.13-7+deb11u1

Metadata

Package Version Patches format
libapreq2 2.13-7+deb11u1 3.0 (quilt)

Patch series

Patch File delta Description
01 fake installed apache.patch | (download)

build/version_check.pl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fake that apache is installed.
 Instead of checking version number with apache2 -v, we hard-code a working
 version. This enables the package to be built without installing a running
 Apache on the building host.
02 hardcode usr prefix.patch | (download)

apreq2-config.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 hard-code apreq2-config --prefix
 apreq2-config will leak information about the build environment.
 Hard-code what --prefix returns, so it's at least slightly more sane.
03 link in apr shared objects.patch | (download)

glue/Makefile.am | 1 0 + 1 - 0 !
glue/Makefile.in | 1 0 + 1 - 0 !
2 files changed, 2 deletions(-)

---
04 pass libdir to configure.patch | (download)

Makefile.PL | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
05 nested multipart null dereference.patch | (download)

library/parser_multipart.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---
10 CVE 2022 22728_1of4.patch | (download)

library/parser_header.c | 194 133 + 61 - 0 !
1 file changed, 133 insertions(+), 61 deletions(-)

 cve-2022-22728 -- multipart form parse memory corruption
 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a
 buffer overflow while processing multipart form uploads. A remote
 attacker could send a request causing a process crash which could lead
 to a denial of service attack.
 This is #1 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2
11 CVE 2022 22728_2of4.patch | (download)

library/parser_header.c | 56 27 + 29 - 0 !
1 file changed, 27 insertions(+), 29 deletions(-)

 cve-2022-22728 -- multipart form parse memory corruption
 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a
 buffer overflow while processing multipart form uploads. A remote
 attacker could send a request causing a process crash which could lead
 to a denial of service attack.
 This is #2 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2
12 CVE 2022 22728_3of4.patch | (download)

library/parser_header.c | 164 87 + 77 - 0 !
1 file changed, 87 insertions(+), 77 deletions(-)

 cve-2022-22728 -- multipart form parse memory corruption
 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a
 buffer overflow while processing multipart form uploads. A remote
 attacker could send a request causing a process crash which could lead
 to a denial of service attack.
 This is #3 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2
13 CVE 2022 22728_4of4.patch | (download)

library/parser_header.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 cve-2022-22728 -- multipart form parse memory corruption
 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a
 buffer overflow while processing multipart form uploads. A remote
 attacker could send a request causing a process crash which could lead
 to a denial of service attack.
 This is #4 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2