Control: tags -1 + confirmed On Thu, 2023-01-19 at 20:47 +0100, Tobias Frost wrote: > I've uploaded prepared an security update of libapreq2 for LTS and > ELTS. > The proposed upload fixes the CVE also for bullseye. > > CVE-2022-22728: > > A flaw in Apache libapreq2 versions 2.16 and earlier could cause a > buffer > overflow while processing multipart form uploads. A remote attacker > could send > a request causing a process crash which could lead to a denial of > service > attack. >
Please go ahead, with the changes suggested by Salvatore. Regards, Adam