Format: 1.8
Date: Fri, 15 Sep 2023 00:25:01 +0200
Source: libapache-mod-jk
Binary: libapache-mod-jk-doc libapache2-mod-jk libapache2-mod-jk-dbgsym
Architecture: all arm64
Version: 1:1.2.49-1
Distribution: sid
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libapache-mod-jk-doc - Documentation of libapache2-mod-jk package
 libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Closes: 1051956
Changes:
 libapache-mod-jk (1:1.2.49-1) unstable; urgency=high
 .
   * New upstream version 1.2.49.
     - Fix CVE-2023-41081:
       The mod_jk component of Apache Tomcat Connectors in some circumstances,
       such as when a configuration included "JkOptions +ForwardDirectories" but
       the configuration did not provide explicit mounts for all possible
       proxied requests, mod_jk would use an implicit mapping and map the
       request to the first defined worker. Such an implicit mapping could
       result in the unintended exposure of the status worker and/or bypass
       security constraints configured in httpd. As of JK 1.2.49, the implicit
       mapping functionality has been removed and all mappings must now be via
       explicit configuration. (Closes: #1051956)
       Thanks to Salvatore Bonaccorso for the report.
Checksums-Sha1:
 7e5bbcc649b05ddca65aa411d7b1617eb84f5c35 336060 libapache-mod-jk-doc_1.2.49-1_all.deb
 6467093aedd4d344309999b231a2c95c885aad0f 11052 libapache-mod-jk_1.2.49-1_arm64.buildinfo
 0a961d29e74f1aa05fd6046fc043872c7fda5ca7 413380 libapache2-mod-jk-dbgsym_1.2.49-1_arm64.deb
 d077d571a74e7b4c9e001434f6d044bdaebd541a 150716 libapache2-mod-jk_1.2.49-1_arm64.deb
Checksums-Sha256:
 037be3884ce3a6ac07de5636b2021313cf8e734d81e252a92a7cc67e09741280 336060 libapache-mod-jk-doc_1.2.49-1_all.deb
 a031d548e240df41f2e35090e2d789d375fb7813bd9a7375a742ada4606b2eab 11052 libapache-mod-jk_1.2.49-1_arm64.buildinfo
 59efa2b3a8548d38f4afed19fd2ccb50bff942bc991cd6ff1fd8e967850e695f 413380 libapache2-mod-jk-dbgsym_1.2.49-1_arm64.deb
 dcd7d057ecdef2e10c0735e4a65eedf294eb34922bd37a904df4b7fdb333b2a8 150716 libapache2-mod-jk_1.2.49-1_arm64.deb
Files:
 44b99b52075d9ce421ac17c9767f26bb 336060 doc optional libapache-mod-jk-doc_1.2.49-1_all.deb
 0a315dfbb7c47bc5f0218519a8d805e8 11052 httpd optional libapache-mod-jk_1.2.49-1_arm64.buildinfo
 1503381f8dfb4ce16617805d34d27ed5 413380 debug optional libapache2-mod-jk-dbgsym_1.2.49-1_arm64.deb
 fa58560a1ffcb3db11a3c4f8f41e0f4d 150716 httpd optional libapache2-mod-jk_1.2.49-1_arm64.deb