author | Stefan Fritsch <sf@debian.org> | 2010-03-02 20:42:00 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2012-01-02 10:37:22 +0100 |
commit | 9baccfc94d664f35d36fc6deef84a0c7de916ed2 (patch) | |
tree | 6cdca934599eb99782ebf2bdbfe409d1a4bf0eb6 | |
parent | e59d4c635c7ec930aa2ce4f2885dc7f4b60013da (diff) | |
download | apache2-9baccfc94d664f35d36fc6deef84a0c7de916ed2.tar.gz |
fix CVE-2010-0408
git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/branches/lenny-apache2@1160 01b336ce-410b-0410-9a02-a0e7f243c266
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/00list | 1 | ||||
-rwxr-xr-x | debian/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch | 19 |
3 files changed, 22 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 68ae58d7..fa34c3f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
 apache2 (2.2.9-10+lenny7) UNRELEASED; urgency=low
+ * Security: CVE-2010-0408: Fix denial of service vulnerability in
+ mod_proxy_ajp.
 * Add missing psmisc dependency for killall used in the init script. Closes: #568542
diff --git a/debian/patches/00list b/debian/patches/00list
index 370deaae..3a3e2166 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -35,6 +35,7 @@
 074_CVE-2009-3094.dpatch
 075_CVE-2009-3095.dpatch
 076_CVE-2009-3555.dpatch
+077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
 099_config_guess_sub_update
 200_cp_suexec.dpatch
 201_build_suexec-custom.dpatch
diff --git a/debian/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch b/debian/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
new file mode 100755
index 00000000..79d2566b
--- /dev/null
+++ b/debian/patches/077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 077_CVE-2010-0408_mod_proxy_ajp_DoS.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: http://svn.apache.org/viewvc?rev=917876&view=rev
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' lenny-apache2~/modules/proxy/mod_proxy_ajp.c lenny-apache2/modules/proxy/mod_proxy_ajp.c
+--- a/modules/proxy/mod_proxy_ajp.c
++++ a/modules/proxy/mod_proxy_ajp.c
+@@ -231,7 +231,7 @@
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+ "proxy: ap_get_brigade failed");
+ apr_brigade_destroy(input_brigade);
+- return HTTP_INTERNAL_SERVER_ERROR;
++ return HTTP_BAD_REQUEST;
+ }
+
+ /* have something */ |
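Review bot: The new dpatch file documents the fix only by an upstream URL (`## DP: http://svn.apache.org/viewvc?rev=917876&view=rev`), so a reader of the package cannot tell why the status code returned from the `ap_get_brigade failed` path in mod_proxy_ajp.c is security-relevant. I would add a description line such as `## DP: CVE-2010-0408: return 400 instead of 500 when reading the client request body fails, so the failure is not attributed to the AJP backend`. The same path still logs only at `APLOG_DEBUG` with a status argument of `0`, so at default log levels an operator gets no trace of clients that trigger it. Whether the apr status from the failed read is available to log is not visible here, because the enclosing function starts and ends outside the embedded hunk.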