2 matches found
CLSA-2023-1686586528 Fix CVE(s): CVE-2020-1938, CVE-2022-42252
SECURITY UPDATE: Apache Tomcat request smuggling - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected. - CVE-2022-42252 SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution - debian/patches/CVE-2020-1938.patch: Add new AJP...
CLSA-2022-1655757814 Fix CVE(s): CVE-2020-1938, CVE-2020-9484, CVE-2021-25329
Fix build process: - debian/keystores/.pem|.jks: update expiring certs and keystores - debian/patches/0028-update-expiring-test-certs.patch: update expiring test certs - debian/patches/0029-fix-path-to-valid-keystore.patch: fix path to valid keystore - debian/patches/0030-use-tls12-in-tests.patch...