Accepted libapache-mod-jk 1:1.2.48-1+deb11u1 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted libapache-mod-jk 1:1.2.48-1+deb11u1 (source) into oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 24 Sep 2023 19:47:33 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libapache-mod-jk_1.2.48-1+deb11u1_source.changes
- Debian-source: libapache-mod-jk
- Debian-suite: oldstable-proposed-updates
- Debian-version: 1:1.2.48-1+deb11u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qkV4n-000QU9-O2@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 Sep 2023 17:09:51 +0200
Source: libapache-mod-jk
Architecture: source
Version: 1:1.2.48-1+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1051956
Changes:
 libapache-mod-jk (1:1.2.48-1+deb11u1) bullseye; urgency=high
 .
   * Fix CVE-2023-41081:
     The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to
     forward requests from Apache to Tomcat, in some circumstances, such as when
     a configuration included "JkOptions +ForwardDirectories" but the
     configuration did not provide explicit mounts for all possible proxied
     requests, mod_jk would use an implicit mapping and map the request to the
     first defined worker. Such an implicit mapping could result in the
     unintended exposure of the status worker and/or bypass security constraints
     configured in httpd. As of this security update, the implicit mapping
     functionality has been removed and all mappings must now be via explicit
     configuration. This issue affects Apache Tomcat Connectors (mod_jk only).
     (Closes: #1051956)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----