|
|
Subscribe / Log in / New account

Debian alert DLA-1944-1 (libapreq2)



From:
              "Chris Lamb" <lamby@debian.org> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 1944-1] libapreq2 security update 


Date:
              Thu, 03 Oct 2019 11:49:48 +0100


Message-ID:
              <eefa3485-0b81-4a18-a80e-217da034ef10@www.fastmail.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libapreq2
Version        : 2.13-4+deb8u1
CVE ID         : CVE-2019-12412
Debian Bug     : #939937

It was discovered that there was a remotely-exploitable null pointer
dereference in libapreq2, a library for manipulating HTTP requests.

For Debian 8 "Jessie", this issue has been fixed in libapreq2 version
2.13-4+deb8u1.

We recommend that you upgrade your libapreq2 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2V0kIACgkQHpU+J9Qx
Hli3Gw//WKNs9LwYUs3daryTlqjyEe1AinpORyUHQt9MQTs/0z6UU8HkeBlPhDxw
BMNGXuBH4ckF6ha3wQOSkCbt1Nm4dNJe6TMzoOka7a8p6HCBTb+UsrZoR5NukISR
uT682NtpA8J3uN8Zrx2awgbp0aNgFVZlUiwtZo5eUSCW6osa2Jb3cn2ILosuLZs7
8CBx9gDVT6pdTYqNJhX1/9HotjCGv9RhTqCCf5BF1N7l7ebOdSSwafIdNE14fiau
tAqjaeGUAvI/XCqOi2lkLNVkNsWaTRcbTZdOsUzcItwc1wR2mD+FXgZmi6SfmJXz
NptgUZVdWoBMOEFhp2tnVsPFlkf/lIUDpnNJANKEeMnqUdl/zWEbuxB3HLI0hU9m
NPimKI3+lcRUEw24CAaQyEwSMCvSnC4fiOxfEiiC0HOIVSnVfQPo+9lo+GWNjsjy
NbNQX9k3PB+H/gyxQrf9SO7vhBtQKkVeTJnpWF0poAt58nKig/cqObmM4wjVqaJo
8eqGbKxIt5uELDpZDkVbxK93ZvyN3/n3xFP10oH+NNl37SObajCmpI+c/x3IXSGJ
oUxTlOqKYtkF7bX1bJ28c7JA7D04sLpySBBiDhEGLMBw/PxZpWv2IOQiViTa6rMC
+lq0CgAT+J6JBBAc6SQzUHh7V2a84XGT5mZVzTrnXGWrhyZb5Wk=
=0XKv
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds