security updates are breaking mod_wsgi apps
Bug #1945274 reported by Dr. Jens Harbott
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apache2 (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Seen with both 2.4.48-3.1ubuntu2 for impish and 2.4.41-4ubuntu3.5 for focal.
Steps to reproduce:
- Have a request log for your app as in https:/
- App deployed at /app
- curl http://
Expected (working fine with e.g. 2.4.41-4ubuntu3.4):
- App logs SCRIPT_NAME="/app" and PATH_INFO="/path"
Seen with latest pkgs:
- App logs SCRIPT_NAME="/ap" and PATH_INFO="//path"
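
One way to catch this regression from inside the application after a package update, as an added example (not code from the bug report, Apache or mod_wsgi): a WSGI middleware that compares the server-supplied SCRIPT_NAME and PATH_INFO with the configured mount point. The names `split_problem`, `MountCheck` and `constructed_environ` are hypothetical, and the sample environs are constructed from the values quoted in the report.

```python
import logging
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("mount_check")


def split_problem(environ, mount):
    """Describe how SCRIPT_NAME/PATH_INFO deviate from the mount point, or return None."""
    script = environ.get("SCRIPT_NAME", "")
    path = environ.get("PATH_INFO", "")
    if script != mount:
        return "SCRIPT_NAME=%r, expected %r (PATH_INFO=%r)" % (script, mount, path)
    if path and not path.startswith("/"):
        return "PATH_INFO=%r does not start with '/'" % path
    return None


class MountCheck:
    """WSGI middleware: log a warning on a wrong split, then pass the request through."""

    def __init__(self, app, mount):
        self.app, self.mount = app, mount
        self.mismatches = 0  # counter only, so memory use stays constant

    def __call__(self, environ, start_response):
        problem = split_problem(environ, self.mount)
        if problem:
            self.mismatches += 1
            log.warning("unexpected WSGI path split: %s", problem)
        return self.app(environ, start_response)


def constructed_environ(script_name, path_info):
    """Build a constructed WSGI environ (not captured from a real server)."""
    env = {}
    setup_testing_defaults(env)
    env["SCRIPT_NAME"], env["PATH_INFO"] = script_name, path_info
    return env


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def run_demo():
    """Feed the expected and the observed split from the report through the middleware."""
    wrapped = MountCheck(demo_app, "/app")  # "/app" is the mount point from the report
    for script, path in [("/app", "/path"), ("/ap", "//path")]:
        wrapped(constructed_environ(script, path), lambda status, headers: None)
    return wrapped.mismatches
```

Wrapping the real application object as `application = MountCheck(application, "/app")` puts a warning in the application log for every request whose split does not match the mount point.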
So the culprit seems to be CVE-2021-36160.patch; if I build the focal version without that patch, the issue is resolved.