Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libapr...@packages.debian.org, Salvatore Bonaccorso <car...@debian.org>
Control: affects -1 + src:libapreq2

I've uploaded prepared a security update of libapreq2 for LTS and ELTS. The proposed upload fixes the CVE also for bullseye.

CVE-2022-22728: A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

I've conducted tests with e.g. the reverse dependency rapache (libapache2-mod-r-base).

-- tobi