Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
11-CVE-2022-22728_2of4.patch | CVE-2022-22728 -- multipart form parse memory corruption. A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. This is #2 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2 | | no | debian | https://svn.apache.org/viewvc?view=revision&revision=1894940 | 2023-01-13 |
01-fake-installed-apache.patch | Fake that Apache is installed. Instead of checking version number with apache2 -v, we hard-code a working version. This enables the package to be built without installing a running Apache on the building host. | Steinar H. Gunderson <sesse@debian.org> | not-needed | | vendor | 2010-02-28 |
02-hardcode-usr-prefix.patch | Hard-code apreq2-config --prefix. apreq2-config will leak information about the build environment. Hard-code what --prefix returns, so it's at least slightly more sane. | Steinar H. Gunderson <sesse@debian.org> | not-needed | debian | vendor | 2010-02-28 |
03-link-in-apr-shared-objects.patch | Don't try to regenerate Makefiles at installation time, as this will forget to link against the internal copy of libapreq2-dev, which will cause problems when trying to load the module outside Apache. | | no | | | |
04-pass-libdir-to-configure.patch | | | no | | | |
05-nested-multipart-null-dereference.patch | commit f27d15e47000b0442e8071ab0fd76b82df9f2d2f parser_multipart: fix NULL pointer dereference in nested multipart. create_multipart_context() can return NULL if the given Content-Type was not recognized (if there is no "boundary" attribute). This crashes libapreq2. This bug was introduced by SVN commit 227276. Prior to this commit, there was a NULL check, but the commit removed it: http://svn.apache.org/viewvc/httpd/apreq/trunk/library/parser_multipart.c?r1=227276&r2=227275&pathrev=227276 diff --git a/library/parser_multipart.c b/library/parser_multipart.c index 60b5bad..4242b7e 100644 | Max Kellermann <max.kellermann@gmail.com> | no | | | 2019-09-10 |
10-CVE-2022-22728_1of4.patch | CVE-2022-22728 -- multipart form parse memory corruption. A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. This is #1 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2 | | no | debian | https://svn.apache.org/viewvc?view=revision&revision=1894937 | 2023-01-13 |
12-CVE-2022-22728_3of4.patch | CVE-2022-22728 -- multipart form parse memory corruption. A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. This is #3 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2 | | no | debian | https://svn.apache.org/viewvc?view=revision&revision=1894977 | 2023-01-13 |
13-CVE-2022-22728_4of4.patch | CVE-2022-22728 -- multipart form parse memory corruption. A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. This is #4 of 4 patches, see also https://www.openwall.com/lists/oss-security/2023/01/02/2 | | no | debian | https://svn.apache.org/viewvc?view=revision&revision=1895054 | 2023-01-13 |