[Pkg-apache-commits] r1160 - in /branches/lenny-apache2: changelog patches/00list patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch

sf at alioth.debian.org sf at alioth.debian.org
Tue Mar 2 20:42:01 UTC 2010 

Author: sf
Date: Tue Mar  2 20:42:00 2010
New Revision: 1160

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1160
Log:
fix CVE-2010-0408

Added:
    branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch   (with props)
Modified:
    branches/lenny-apache2/changelog
    branches/lenny-apache2/patches/00list

Modified: branches/lenny-apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/changelog?rev=1160&op=diff
==============================================================================
--- branches/lenny-apache2/changelog (original)
+++ branches/lenny-apache2/changelog Tue Mar  2 20:42:00 2010
@@ -1,5 +1,7 @@
 apache2 (2.2.9-10+lenny7) UNRELEASED; urgency=low
 
+  * Security: CVE-2010-0408: Fix denial of service vulnerability in
+    mod_proxy_ajp.
   * Add missing psmisc dependency for killall used in the init script.
     Closes: #568542
 

Modified: branches/lenny-apache2/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/00list?rev=1160&op=diff
==============================================================================
--- branches/lenny-apache2/patches/00list (original)
+++ branches/lenny-apache2/patches/00list Tue Mar  2 20:42:00 2010
@@ -35,6 +35,7 @@
 074_CVE-2009-3094.dpatch
 075_CVE-2009-3095.dpatch
 076_CVE-2009-3555.dpatch
+077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
 099_config_guess_sub_update
 200_cp_suexec.dpatch
 201_build_suexec-custom.dpatch

Added: branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch?rev=1160&op=file
==============================================================================
--- branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch (added)
+++ branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch Tue Mar  2 20:42:00 2010
@@ -1,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: http://svn.apache.org/viewvc?rev=917876&view=rev
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' lenny-apache2~/modules/proxy/mod_proxy_ajp.c lenny-apache2/modules/proxy/mod_proxy_ajp.c
+--- a/modules/proxy/mod_proxy_ajp.c
++++ a/modules/proxy/mod_proxy_ajp.c
+@@ -231,7 +231,7 @@
+             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                          "proxy: ap_get_brigade failed");
+             apr_brigade_destroy(input_brigade);
+-            return HTTP_INTERNAL_SERVER_ERROR;
++            return HTTP_BAD_REQUEST;
+         }
+ 
+         /* have something */

Propchange: branches/lenny-apache2/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
------------------------------------------------------------------------------
    svn:executable = *

More information about the Pkg-apache-commits mailing list