Package: libapache2-mod-perl2 Version: 2.0.9~1624218-2+deb8u1 Severity: serious
As per http://perl.debian.net/rebuild-logs/jessie/libapache2-mod-perl2_2.0.9~1624218-2+deb8u1/libapache2-mod-perl2_2.0.9~1624218-2+deb8u1_amd64-2017-06-05T19:42:17Z.build this package currently fails to build in jessie. Test Summary Report ------------------- t/apache/read.t (Wstat: 0 Tests: 1 Failed: 1) Failed test: 1 t/filter/in_bbs_inject_header.t (Wstat: 512 Tests: 0 Failed: 0) Non-zero exit status: 2 Parse errors: Bad plan. You planned 36 tests but ran 0. This is very similar to #849082 and was most probably caused by apache2 (2.4.10-10+deb8u8) jessie-security; urgency=medium . * CVE-2016-8743: Enforce more HTTP conformance for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. If this causes problems with non-conforming clients, some checks can be relaxed by adding the new directive 'HttpProtocolOptions unsafe' to the configuration. Differently than the upstream 2.4.25 release which will also be in the Debian 9 (stretch) release, this update for Debian 8 (jessie) accepts underscores in host and domain names even while 'HttpProtocolOptions strict' is in effect. More information is available at http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions so 370_http_syntax.patch and 380_inject_header_line_terminators.patch from stretch/sid should help (untested). -- Niko Tyni nt...@debian.org
