Discussion:
Bug#1095523: bookworm-pu: package libapache-mod-jk/1:1.2.48-2+deb12u2
Add Reply
Markus Koschany
2025-02-08 21:00:02 UTC
Reply
Permalink
Package: release.debian.org
Severity: normal
Tags: bookworm
User: ***@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libapache-mod-***@packages.debian.org, ***@debian.org
Control: affects -1 + src:libapache-mod-jk


[ Reason ]

Fixing CVE-2024-46544 in bookworm via bookworm-pu. Marked as no-dsa by
the security team.

[ Impact ]

bookworm would be the only vulnerable release

[ Tests ]

The fix only involves to change permissions. No automatic tests were
added.

[ Risks ]

This has been fixed in bullseye for some time and no regressions were
reported. The changes are minimal.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]

Adding 0004-CVE-2024-46544.patch to change the default permissions.
Debdiff is attached.
Debian Bug Tracking System
2025-02-08 21:00:02 UTC
Reply
Permalink
Post by Markus Koschany
affects -1 + src:libapache-mod-jk
Bug #1095523 [release.debian.org] bookworm-pu: package libapache-mod-jk/1:1.2.48-2+deb12u2
Added indication that 1095523 affects src:libapache-mod-jk
--
1095523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095523
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Debian Bug Tracking System
2025-02-18 21:40:01 UTC
Reply
Permalink
tag -1 confirmed
Bug #1095523 [release.debian.org] bookworm-pu: package libapache-mod-jk/1:1.2.48-2+deb12u2
Added tag(s) confirmed.
--
1095523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095523
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2025-02-18 21:40:01 UTC
Reply
Permalink
Control: tag -1 confirmed

Please go ahead.

Thanks,
--
Jonathan Wiltshire ***@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Jonathan Wiltshire
2025-02-19 15:40:19 UTC
Reply
Permalink
package release.debian.org
tags 1095523 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: libapache-mod-jk
Version: 1.2.48-2+deb12u2

Explanation: set correct default permissions for shared memory [CVE-2024-46544]
Debian Bug Tracking System
2025-02-19 15:40:20 UTC
Reply
Permalink
Post by Jonathan Wiltshire
package release.debian.org
Limiting to bugs with field 'package' containing at least one of 'release.debian.org'
Limit currently set to 'package':'release.debian.org'
Post by Jonathan Wiltshire
tags 1095523 = bookworm pending
Bug #1095523 [release.debian.org] bookworm-pu: package libapache-mod-jk/1:1.2.48-2+deb12u2
Added tag(s) pending; removed tag(s) confirmed.
Post by Jonathan Wiltshire
thanks
Stopping processing here.

Please contact me if you need assistance.
--
1095523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095523
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Loading...