changes_fields:
Architecture: all arm64
Binary: libapache-mod-jk-doc libapache2-mod-jk libapache2-mod-jk-dbgsym
Changed-By: Markus Koschany <apo@debian.org>
Changes: |2-
   libapache-mod-jk (1:1.2.49-1) unstable; urgency=high
   .
     * New upstream version 1.2.49.
       - Fix CVE-2023-41081:
         The mod_jk component of Apache Tomcat Connectors in some circumstances,
         such as when a configuration included "JkOptions +ForwardDirectories" but
         the configuration did not provide explicit mounts for all possible
         proxied requests, mod_jk would use an implicit mapping and map the
         request to the first defined worker. Such an implicit mapping could
         result in the unintended exposure of the status worker and/or bypass
         security constraints configured in httpd. As of JK 1.2.49, the implicit
         mapping functionality has been removed and all mappings must now be via
         explicit configuration. (Closes: #1051956)
         Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
- name: libapache-mod-jk-doc_1.2.49-1_all.deb
sha1: 7e5bbcc649b05ddca65aa411d7b1617eb84f5c35
size: '336060'
- name: libapache-mod-jk_1.2.49-1_arm64.buildinfo
sha1: 6467093aedd4d344309999b231a2c95c885aad0f
size: '11052'
- name: libapache2-mod-jk-dbgsym_1.2.49-1_arm64.deb
sha1: 0a961d29e74f1aa05fd6046fc043872c7fda5ca7
size: '413380'
- name: libapache2-mod-jk_1.2.49-1_arm64.deb
sha1: d077d571a74e7b4c9e001434f6d044bdaebd541a
size: '150716'
Checksums-Sha256:
- name: libapache-mod-jk-doc_1.2.49-1_all.deb
sha256: 037be3884ce3a6ac07de5636b2021313cf8e734d81e252a92a7cc67e09741280
size: '336060'
- name: libapache-mod-jk_1.2.49-1_arm64.buildinfo
sha256: a031d548e240df41f2e35090e2d789d375fb7813bd9a7375a742ada4606b2eab
size: '11052'
- name: libapache2-mod-jk-dbgsym_1.2.49-1_arm64.deb
sha256: 59efa2b3a8548d38f4afed19fd2ccb50bff942bc991cd6ff1fd8e967850e695f
size: '413380'
- name: libapache2-mod-jk_1.2.49-1_arm64.deb
sha256: dcd7d057ecdef2e10c0735e4a65eedf294eb34922bd37a904df4b7fdb333b2a8
size: '150716'
Closes: '1051956'
Date: Fri, 15 Sep 2023 00:25:01 +0200
Description: |2-
   libapache-mod-jk-doc - Documentation of libapache2-mod-jk package
   libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Distribution: sid
Files:
- md5sum: 44b99b52075d9ce421ac17c9767f26bb
name: libapache-mod-jk-doc_1.2.49-1_all.deb
priority: optional
section: doc
size: '336060'
- md5sum: 0a315dfbb7c47bc5f0218519a8d805e8
name: libapache-mod-jk_1.2.49-1_arm64.buildinfo
priority: optional
section: httpd
size: '11052'
- md5sum: 1503381f8dfb4ce16617805d34d27ed5
name: libapache2-mod-jk-dbgsym_1.2.49-1_arm64.deb
priority: optional
section: debug
size: '413380'
- md5sum: fa58560a1ffcb3db11a3c4f8f41e0f4d
name: libapache2-mod-jk_1.2.49-1_arm64.deb
priority: optional
section: httpd
size: '150716'
Format: '1.8'
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Source: libapache-mod-jk
Urgency: high
Version: 1:1.2.49-1
type: dpkg