ELA-632-2 apache2 regression update

loss of request parameters

2022-07-23
Packageapache2
Version2.4.10-10+deb8u24 (jessie)

The patch for CVE-2022-31813 caused a regression in the apache2 package for Debian 8 jessie, which resulted in some request parameters being lost in modproxy and modproxy_http configurations. This version corrects the regression and implements the intended fix without request parameters being lost.

Note that this regression only affects the apache2 package for Debian 8 jessie. The apache2 package for Debian 9 stretch which was published under the original advisory ELA-632-1 is not affected by this regression.

For Debian 8 jessie, these problems have been fixed in version 2.4.10-10+deb8u24.

We recommend that you upgrade your apache2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/