[Git][security-tracker-team/security-tracker][master] CVE-2021-36160/apache2: reference upstream'd regression patch

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a047d03 by Sylvain Beucler at 2021-12-01T18:20:24+01:00
CVE-2021-36160/apache2: reference upstream'd regression patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23213,6 +23213,7 @@ CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi t
 	NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
 	NOTE: packages which are provided by src:apache2 itself.
 	NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
+	NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x)
 CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
 	NOT-FOR-US: libfetch
 CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a047d0367388a64a1733d172e6c98fe58807df3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a047d0367388a64a1733d172e6c98fe58807df3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211201/cf141c75/attachment.htm>