[SECURITY] [DLA 3127-1] libhttp-daemon-perl security update

[Thorsten Alteholz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3127-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 30, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package        : libhttp-daemon-perl
Version        : 6.01-3+deb10u1
CVE ID         : CVE-2022-31081


An issue has been found in libhttp-daemon-perl, a simple http server 
class.
Due to insufficient Content-Length: handling in HTTP-header an attacker 
could gain privileged access to APIs or poison intermediate caches.


For Debian 10 buster, this problem has been fixed in version
6.01-3+deb10u1.

We recommend that you upgrade your libhttp-daemon-perl packages.

For the detailed security status of libhttp-daemon-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhttp-daemon-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmM3Ec9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEed6g/+NhrTpFlCXAIXOw8ny2P/VZoQ2E09tEfrnnD7djFC1mFyhTo1D1P6MH7W
ec4lLDcpUePcsFBJZzEvoQdxh1K1SKuTtYGvdRH9tve97Z2K2K4bpUYZx221xp+o
2GHQ1e1WjbGPBh1uHLEdPcG3KzqPYV4Bws+HxEY43g8+L2z7esUBC6fVslppZqu/
85s2H/7N6vO3Q40urLaaDgCb7Qb/zEBKgpjZnO7+eNgyAYTUHyPdxAWMyF1mu03i
V3XezgW+lIAEQ30uoOattWB/aIoaNO7n9COxZdYpnZowvjQJMtfGrRmzpG2UOk8u
yRqcl2PckzJeFw7xthOgcYJTCfeGnIG7uF5IfWqGOwDf0tuTdKsSZXqD22A1xEBf
t1K8E7tMuN14psMP2/JKmKKSXl3Oxgexzo3bPUdxqK/be44HfBETPQKemTF7trsA
aaKVmnmxbClwVlQtcSGMDJ71rHx8eNdjn86EvS9KYE86cM78i6YLlcDdT0+9cEWb
p0kVPqGy9bAushjJAPaYAZSorbtMRew+9FNHA04U2mhUKsjXipxrCMEaEe4UhlvF
acGwj0jEG0EsJMymKysSP7JK2BG+x0iRaiiVUhfwWY/9CjbYRh1Z+D9HYY4ouSQi
2icFidzfgDYrgI1McK+Lcq39q1lqZwwvdm5YqzWsNsb0KRfAZ3Q=
=oOd7
-----END PGP SIGNATURE-----