diff -u libapache-mod-jk-1.2.14.1/debian/changelog libapache-mod-jk-1.2.14.1/debian/changelog
--- libapache-mod-jk-1.2.14.1/debian/changelog
+++ libapache-mod-jk-1.2.14.1/debian/changelog
@@ -1,3 +1,12 @@
+libapache-mod-jk (1:1.2.14.1-2ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: Forward unparsed URI to tomcat.
+ * patches added: cve-2007-1860.dpatch. (Fixes LP: #119739)
+ * References
+ CVE-2007-1860
+
+ -- Lionel Porcheron Sun, 10 Jun 2007 21:28:13 +0200
+
 libapache-mod-jk (1:1.2.14.1-2ubuntu1) dapper; urgency=low
 
 * Change workers.tomcat_home to tomcat5, and point java_home to kaffe in
diff -u libapache-mod-jk-1.2.14.1/debian/patches/00list libapache-mod-jk-1.2.14.1/debian/patches/00list
--- libapache-mod-jk-1.2.14.1/debian/patches/00list
+++ libapache-mod-jk-1.2.14.1/debian/patches/00list
@@ -1,0 +2 @@
+cve-2007-1860.dpatch
only in patch2:
unchanged:
--- libapache-mod-jk-1.2.14.1.orig/debian/patches/cve-2007-1860.dpatch
+++ libapache-mod-jk-1.2.14.1/debian/patches/cve-2007-1860.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## cve-2007-1860.dpatch by Lionel Porcheron
+##
+## DP: By default mod_jk forwards the original unchanged request URL to Tomcat
+
+@DPATCH@
+diff -urNad libapache-mod-jk-1.2.14.1~/jk/native/common/jk_global.h libapache-mod-jk-1.2.14.1/jk/native/common/jk_global.h
+--- libapache-mod-jk-1.2.14.1~/jk/native/common/jk_global.h 2005-06-14 17:44:22.000000000 +0200
++++ libapache-mod-jk-1.2.14.1/jk/native/common/jk_global.h 2007-06-10 21:33:26.000000000 +0200
+@@ -202,7 +202,7 @@
+ #define JK_OPT_FWDURICOMPATUNPARSED 0x0002
+ #define JK_OPT_FWDURIESCAPED 0x0003
+
+-#define JK_OPT_FWDURIDEFAULT JK_OPT_FWDURICOMPAT
++#define JK_OPT_FWDURIDEFAULT JK_OPT_FWDURICOMPATUNPARSED
+
+ #define JK_OPT_FWDKEYSIZE 0x0004
+
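Review bot: The `JK_OPT_FWDURIDEFAULT` change in the jk_global.h hunk of cve-2007-1860.dpatch only moves the compiled-in default, so a configuration that explicitly sets `JkOptions +ForwardURICompat` presumably keeps forwarding the URI that httpd has already decoded and stays exposed to the double-decoding problem behind CVE-2007-1860; the code that applies the default is outside this hunk, so this should be confirmed. The changelog entry and the `## DP:` line should say so and tell administrators to check their `JkOptions`, for example `## DP: Change the default JkOptions forwarding mode to ForwardURICompatUnparsed (CVE-2007-1860); explicit ForwardURICompat settings are not changed.` The upstream mod_jk documentation also notes that the unparsed mode always forwards the original request URI, so URIs rewritten by mod_rewrite are no longer what Tomcat sees, which is a behaviour change worth a NEWS entry in a security upload. A one-line comment above the define, such as `/* Unparsed by default: forward the URI exactly as received so it is decoded only once, by Tomcat (CVE-2007-1860) */`, would keep the default from being flipped back later.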