Format: 1.8
Date: Fri, 15 Sep 2023 00:25:01 +0200
Source: libapache-mod-jk
Architecture: source
Version: 1:1.2.49-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1051956
Changes:
 libapache-mod-jk (1:1.2.49-1) unstable; urgency=high
 .
   * New upstream version 1.2.49.
     - Fix CVE-2023-41081:
       The mod_jk component of Apache Tomcat Connectors in some circumstances,
       such as when a configuration included "JkOptions +ForwardDirectories"
       but the configuration did not provide explicit mounts for all possible
       proxied requests, mod_jk would use an implicit mapping and map the
       request to the first defined worker. Such an implicit mapping could
       result in the unintended exposure of the status worker and/or bypass
       security constraints configured in httpd. As of JK 1.2.49, the implicit
       mapping functionality has been removed and all mappings must now be via
       explicit configuration. (Closes: #1051956)
       Thanks to Salvatore Bonaccorso for the report.