[Git][security-tracker-team/security-tracker][master] CVE-2024-38473/apache2
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: a8dcb669 by Bastien Roucariès at 2024-07-18T21:16:19+00:00 CVE-2024-38473/apache2 Add another regression - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4693,7 +4693,9 @@ CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and e NOTE: Fixed by [3/4] https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa NOTE: Fixed by [4/4] https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700 NOTE: Regression identified in https://bz.apache.org/bugzilla/show_bug.cgi?id=69160 - NOTE: May be fixed (partially?) by https://github.com/apache/httpd/commit/2f2f82a2225c5c3b6bb2fa4056541682e34763d4 + NOTE: Regression related to https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2073515 + NOTE: Partially fixed by https://github.com/apache/httpd/commit/2f2f82a2225c5c3b6bb2fa4056541682e34763d4 + NOTE: Another regression with space likely fixed in https://bz.apache.org/bugzilla/show_bug.cgi?id=69203 CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTML ...) - apache2 2.4.60-1 (unimportant) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8dcb669305ed2cfc2d4e25cd32a1d90f85cf2c0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8dcb669305ed2cfc2d4e25cd32a1d90f85cf2c0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-38473/apache2 regression
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 1b55626a by Bastien Roucariès at 2024-07-18T19:47:20+00:00 CVE-2024-38473/apache2 regression Add a regression for apache2 fix - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4616,6 +4616,9 @@ CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and e NOTE: Fixed by [2/4] https://github.com/apache/httpd/commit/6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce NOTE: Fixed by [3/4] https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa NOTE: Fixed by [4/4] https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700 + NOTE: Regression identified in https://bz.apache.org/bugzilla/show_bug.cgi?id=69160 + NOTE: Debian bug of regression https://bugs.debian.org/1076531 + NOTE: May be fixed (partially?) by https://github.com/apache/httpd/commit/2f2f82a2225c5c3b6bb2fa4056541682e34763d4 CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTML ...) - apache2 2.4.60-1 (unimportant) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b55626a9c67904cfb0e7ab0aca4d076c3c5cd2b -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b55626a9c67904cfb0e7ab0aca4d076c3c5cd2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-38473/apache2
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: e2ed15b8 by Bastien Roucariès at 2024-07-11T21:40:39+00:00 CVE-2024-38473/apache2 One of the identified fix is in fact CVE-2024-39573 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2631,11 +2631,10 @@ CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and e NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 NOTE: https://github.com/apache/httpd/pull/457 NOTE: https://github.com/apache/httpd/pull/458 - NOTE: Fixed by [1/5] https://github.com/apache/httpd/commit/b10cb2d69184843832d501a615abe3e8e5e256dc - NOTE: Fixed by [2/5] https://github.com/apache/httpd/commit/6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce - NOTE: Fixed by [3/5] https://github.com/apache/httpd/commit/93aec0e3ca451bcc97f6d91c14d5399d13a73365 - NOTE: Fixed by [4/5] https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa - NOTE: Fixed by [5/5] https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700 + NOTE: Fixed by [1/4] https://github.com/apache/httpd/commit/b10cb2d69184843832d501a615abe3e8e5e256dc + NOTE: Fixed by [2/4] https://github.com/apache/httpd/commit/6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce + NOTE: Fixed by [3/4] https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa + NOTE: Fixed by [4/4] https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700 CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTML ...) - apache2 2.4.60-1 (unimportant) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2ed15b8e8e35c7c54921a4b76bd1a912a9fed9a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2ed15b8e8e35c7c54921a4b76bd1a912a9fed9a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-38473/apache2
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: a3019397 by Bastien Roucariès at 2024-07-09T18:20:16+00:00 CVE-2024-38473/apache2 Add pull request (including some bug report) and commit fixing the CVE - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1324,6 +1324,13 @@ CVE-2024-38474 (Substitution encoding issue in mod_rewrite in Apache HTTP Server CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier ...) - apache2 2.4.60-1 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 + NOTE: https://github.com/apache/httpd/pull/457 + NOTE: https://github.com/apache/httpd/pull/458 + NOTE: Fixed by [1/5] https://github.com/apache/httpd/commit/b10cb2d69184843832d501a615abe3e8e5e256dc + NOTE: Fixed by [2/5] https://github.com/apache/httpd/commit/6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce + NOTE: Fixed by [3/5] https://github.com/apache/httpd/commit/93aec0e3ca451bcc97f6d91c14d5399d13a73365 + NOTE: Fixed by [4/5] https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa + NOTE: Fixed by [5/5] https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700 CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTML ...) - apache2 2.4.60-1 (unimportant) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3019397586a48f853c6285e7a1ffd50dfc8058c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3019397586a48f853c6285e7a1ffd50dfc8058c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits