-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Sep 2023 16:40:59 +0200
Source: libapache-mod-jk
Architecture: source
Version: 1:1.2.48-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Closes: 1051956
Changes:
 libapache-mod-jk (1:1.2.48-2+deb12u1) bookworm; urgency=high
 .
   * Fix CVE-2023-41081:
     The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to
     forward requests from Apache to Tomcat, in some circumstances, such as
     when a configuration included "JkOptions +ForwardDirectories" but the
     configuration did not provide explicit mounts for all possible proxied
     requests, mod_jk would use an implicit mapping and map the request to the
     first defined worker. Such an implicit mapping could result in the
     unintended exposure of the status worker and/or bypass security
     constraints configured in httpd. As of this security update, the implicit
     mapping functionality has been removed and all mappings must now be via
     explicit configuration. This issue affects Apache Tomcat Connectors
     (mod_jk only).
     (Closes: #1051956)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----