[apache2] 06/07: patch for CVE-2015-0253, introduced in 2.4.11
Stefan Fritsch
sf at moszumanska.debian.org
Tue Apr 28 21:08:28 UTC 2015
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit 257d1ec57aae6d60ba89cee8308b780cc9ddf192
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Tue Apr 28 22:48:01 2015 +0200
patch for CVE-2015-0253, introduced in 2.4.11
---
debian/changelog | 2 ++
debian/patches/CVE-2015-0253_ErrorDocument.diff | 42 +++++++++++++++++++++++++
debian/patches/series | 6 ++--
3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index df624ec..98f94cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
apache2 (2.4.12-1) UNRELEASED; urgency=medium
* New upstream version
+ * Add a patch for CVE-2015-0253 which was introduced in 2.4.11 which
+ was never shipped in Debian.
* Ship mod_proxy_html's default config file. Closes: #782022
* Fix typo in dh_apache2 man page. Closes: #781032
diff --git a/debian/patches/CVE-2015-0253_ErrorDocument.diff b/debian/patches/CVE-2015-0253_ErrorDocument.diff
new file mode 100644
index 0000000..36a9581
--- /dev/null
+++ b/debian/patches/CVE-2015-0253_ErrorDocument.diff
@@ -0,0 +1,42 @@
+#commit 9a6f9bcf9594bc946d23b9a27e3510488e9f94a9
+#Author: Eric Covener <covener at apache.org>
+#Date: Tue Mar 24 13:08:44 2015 +0000
+#
+# Merge r1664205 from trunk:
+#
+# *) SECURITY: CVE-2015-0253 (cve.mitre.org)
+# core: Fix a crash introduced in with ErrorDocument 400 pointing
+# to a local URL-path with the INCLUDES filter active, introduced
+# in 2.4.11. PR 57531. [Yann Ylavic]
+#
+#
+# Submitted By: ylavic
+# Committed By: covener
+#
+#
+#
+#
+#
+#
+# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668879 13f79535-47bb-0310-9956-ffa450edef68
+#
+--- apache2.orig/server/protocol.c
++++ apache2/server/protocol.c
+@@ -599,8 +599,6 @@ static int read_request_line(request_rec
+ */
+ if (APR_STATUS_IS_ENOSPC(rv)) {
+ r->status = HTTP_REQUEST_URI_TOO_LARGE;
+- r->proto_num = HTTP_VERSION(1,0);
+- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ }
+ else if (APR_STATUS_IS_TIMEUP(rv)) {
+ r->status = HTTP_REQUEST_TIME_OUT;
+@@ -608,6 +606,8 @@ static int read_request_line(request_rec
+ else if (APR_STATUS_IS_EINVAL(rv)) {
+ r->status = HTTP_BAD_REQUEST;
+ }
++ r->proto_num = HTTP_VERSION(1,0);
++ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ return 0;
+ }
+ } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
diff --git a/debian/patches/series b/debian/patches/series
index 87ab59c..c9ff599 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,7 +3,9 @@ no_LD_LIBRARY_PATH.patch
suexec-CVE-2007-1742.patch
customize_apxs.patch
build_suexec-custom.patch
-# This patch is applied manually
-#suexec-custom.patch
CVE-2015-0228_mod_lua.diff
mpm_event_crash.diff
+CVE-2015-0253_ErrorDocument.diff
+
+# This patch is applied manually
+#suexec-custom.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list