Register | Log in

libapache-mod-jk

Choose email to subscribe with

general

source: libapache-mod-jk (main)
version: 1:1.2.46-1
maintainer: Debian Java Maintainers (archive) [DMD]
uploaders: Markus Koschany [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:1.2.37-1+deb7u1
o-o-sec: 1:1.2.37-1+deb7u1
oldstable: 1:1.2.37-4+deb8u1
old-sec: 1:1.2.37-4+deb8u1
stable: 1:1.2.42-1
testing: 1:1.2.46-1
unstable: 1:1.2.46-1

versioned links

1:1.2.37-1+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.2.37-4+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.2.42-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:1.2.46-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libapache-mod-jk-doc
libapache2-mod-jk

action needed

1 security issue in stretch high

There is 1 open security issue in stretch.

1 important issue:

CVE-2018-11759: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Please fix it.

Created: 2018-10-31 Last update: 2018-11-02 04:30

1 security issue in jessie high

There is 1 open security issue in jessie.

1 important issue:

CVE-2018-11759: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

Please fix it.

Created: 2018-10-31 Last update: 2018-11-02 04:30

lintian reports 1 error and 2 warnings high

Lintian reports 1 error and 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-13 Last update: 2018-10-11 04:46

Depends on packages which need a new maintainer normal

The packages that libapache-mod-jk depends on which need a new maintainer are:

apache2 (#910917)
- Depends: apache2-bin
- Build-Depends: apache2-dev

Created: 2018-10-13 Last update: 2018-11-19 22:56

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libapache-mod-jk-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2018-11-19 20:48

news

[2018-10-19] libapache-mod-jk 1:1.2.46-1 MIGRATED to testing (Debian testing watch)
[2018-10-14] Accepted libapache-mod-jk 1:1.2.46-1 (source) into unstable (Markus Koschany)
[2018-10-11] libapache-mod-jk 1:1.2.44-3 MIGRATED to testing (Debian testing watch)
[2018-10-06] Accepted libapache-mod-jk 1:1.2.44-3 (source) into unstable (Markus Koschany)
[2018-10-03] Accepted libapache-mod-jk 1:1.2.44-2 (source) into unstable (Markus Koschany)
[2018-10-01] Accepted libapache-mod-jk 1:1.2.44-1 (source) into unstable (Markus Koschany)
[2018-03-18] libapache-mod-jk 1:1.2.43-1 MIGRATED to testing (Debian testing watch)
[2018-03-12] Accepted libapache-mod-jk 1:1.2.43-1 (source) into unstable (Emmanuel Bourg)
[2016-10-14] libapache-mod-jk 1:1.2.42-1 MIGRATED to testing (Debian testing watch)
[2016-10-08] Accepted libapache-mod-jk 1:1.2.42-1 (source) into unstable (Markus Koschany)
[2015-11-05] libapache-mod-jk 1:1.2.41-1 MIGRATED to testing (Britney)
[2015-10-31] Accepted libapache-mod-jk 1:1.2.41-1 (source) into unstable (Markus Koschany)
[2015-06-09] Accepted libapache-mod-jk 1:1.2.30-1squeeze2 (source amd64 all) into squeeze-lts (Markus Koschany) (signed by: Raphaël Hertzog)
[2015-06-08] Accepted libapache-mod-jk 1:1.2.37-4+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Markus Koschany) (signed by: Salvatore Bonaccorso)
[2015-05-24] libapache-mod-jk 1:1.2.40+svn150520-1 MIGRATED to testing (Britney)
[2015-05-22] Accepted libapache-mod-jk 1:1.2.40+svn150520-1 (source all amd64) into unstable (Markus Koschany) (signed by: tony mancill)
[2014-11-23] libapache-mod-jk 1:1.2.37-4 MIGRATED to testing (Britney)
[2014-11-17] Accepted libapache-mod-jk 1:1.2.37-4 (source amd64 all) into unstable (Emmanuel Bourg)
[2013-08-23] libapache-mod-jk 1:1.2.37-3 MIGRATED to testing (Debian testing watch)
[2013-08-12] Accepted libapache-mod-jk 1:1.2.37-3 (source amd64 all) (Damien Raude-Morvan)
[2013-08-02] libapache-mod-jk 1:1.2.37-2 MIGRATED to testing (Debian testing watch)
[2013-06-01] Accepted libapache-mod-jk 1:1.2.37-2 (source amd64 all) (Damien Raude-Morvan)
[2012-06-14] libapache-mod-jk 1:1.2.37-1 MIGRATED to testing (Debian testing watch)
[2012-06-03] Accepted libapache-mod-jk 1:1.2.37-1 (source all amd64) (Damien Raude-Morvan)
[2012-05-29] libapache-mod-jk 1:1.2.36-1 MIGRATED to testing (Debian testing watch)
[2012-05-18] Accepted libapache-mod-jk 1:1.2.36-1 (source all amd64) (Damien Raude-Morvan)
[2012-04-04] Accepted libapache-mod-jk 1:1.2.35-1 (source all amd64) (Damien Raude-Morvan)
[2012-02-14] libapache-mod-jk 1:1.2.32-2 MIGRATED to testing (Debian testing watch)
[2012-02-04] Accepted libapache-mod-jk 1:1.2.32-2 (source all amd64) (tony mancill)
[2011-07-24] libapache-mod-jk 1:1.2.32-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (1, 2)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:1.2.46-1
6 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing