~ubuntu-branches/ubuntu/jaunty/apache2/jaunty-proposed

Viewing changes to debian/patches/907_CVE-2010-0408.dpatch

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-03-08 11:26:48 UTC
  • Revision ID: james.westby@ubuntu.com-20100308112648-vdj61th2y2mpo2wl
Tags: 2.2.11-2ubuntu2.6

* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
  - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
    in modules/proxy/mod_proxy_ajp.c.
  - CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
  headers in subrequests
  - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
    in server/protocol.c.
  - CVE-2010-0434

 
1
#! /bin/sh /usr/share/dpatch/dpatch-run
 
2
# Description: fix denial of service via crafted request in mod_proxy_ajp
 
3
# Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=917876
 
4
 
 
5
@DPATCH@
 
6
diff -urNad apache2-2.2.11~/modules/proxy/mod_proxy_ajp.c apache2-2.2.11/modules/proxy/mod_proxy_ajp.c
 
7
--- apache2-2.2.11~/modules/proxy/mod_proxy_ajp.c       2008-11-15 09:25:54.000000000 -0500
 
8
+++ apache2-2.2.11/modules/proxy/mod_proxy_ajp.c        2010-03-08 11:26:28.000000000 -0500
 
9
@@ -256,7 +256,7 @@
 
10
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
 
11
                          "proxy: ap_get_brigade failed");
 
12
             apr_brigade_destroy(input_brigade);
 
13
-            return HTTP_INTERNAL_SERVER_ERROR;
 
14
+            return HTTP_BAD_REQUEST;
 
15
         }
 
16
 
 
17
         /* have something */
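
Review bot: The changed `return HTTP_BAD_REQUEST;` carries no comment saying why a failed `ap_get_brigade` read of the request body is now treated as a client error rather than a server error, so a later cleanup could easily restore the 500. A one-line comment above the return, citing CVE-2010-0408 and the upstream revision 917876 named in the patch header, would record the intent. Separately, the `ap_log_error` call just above passes `0` as the status and logs at `APLOG_DEBUG`, so the reason for the failure never reaches the error log at default levels; if the `ap_get_brigade` status is held in a variable at this point, pass it through so operators can tell a malformed or aborted client body from a local fault.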