Accepted libapache-mod-jk 1:1.2.49-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted libapache-mod-jk 1:1.2.49-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 14 Sep 2023 23:05:45 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libapache-mod-jk_1.2.49-1_source.changes
- Debian-source: libapache-mod-jk
- Debian-suite: unstable
- Debian-version: 1:1.2.49-1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qgvP7-008TBT-SK@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
Format: 1.8
Date: Fri, 15 Sep 2023 00:25:01 +0200
Source: libapache-mod-jk
Architecture: source
Version: 1:1.2.49-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1051956
Changes:
 libapache-mod-jk (1:1.2.49-1) unstable; urgency=high
 .
   * New upstream version 1.2.49.
     - Fix CVE-2023-41081:
       The mod_jk component of Apache Tomcat Connectors in some circumstances,
       such as when a configuration included "JkOptions +ForwardDirectories" but
       the configuration did not provide explicit mounts for all possible
       proxied requests, mod_jk would use an implicit mapping and map the
       request to the first defined worker. Such an implicit mapping could
       result in the unintended exposure of the status worker and/or bypass
       security constraints configured in httpd. As of JK 1.2.49, the implicit
       mapping functionality has been removed and all mappings must now be via
       explicit configuration. (Closes: #1051956)
       Thanks to Salvatore Bonaccorso for the report.
Files:
4ce3ac9cb2a85103cdc802b56635f36a 2545 httpd optional libapache-mod-jk_1.2.49-1.dsc
305f10b491c38f7e9615e832c2f4f336 1702479 httpd optional libapache-mod-jk_1.2.49.orig.tar.gz
b7242bca860d92831f9b19d65eba3656 873 httpd optional libapache-mod-jk_1.2.49.orig.tar.gz.asc
ebe4ce95bba98d2c55d16396d5a75a2b 60712 httpd optional libapache-mod-jk_1.2.49-1.debian.tar.xz
6852a91e8d1d3718e19a4eb448e4f656 11195 httpd optional libapache-mod-jk_1.2.49-1_amd64.buildinfo