apache2: fix the regressions introduced by security upgrade in Bullseye?
Hi folks,
AFAIU apache2 2.4.56-1 has been included in Bullseye to mitigate
CVE-2023-27522 and CVE-2023-25690 (both some mod_proxy issue
with high severity). Good thing.
Unfortunately this introduced 2 regressions for mod_rewrite and
http2, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408
https://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.4.56-2_changelog
Would it be possible to fix the upgrade? I can turn off http2,
but I feel *very* bad about running an apache with a broken
mod_rewrite in production.
Thank you very much
Harri
Reply to: