From ${URL} : The IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. It was found that the length checks prior to writing to the target buffer for this rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. Upstream patch: https://svn.apache.org/viewvc?view=revision&revision=1762057 External References: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
# Michał Górny <mgorny@gentoo.org> (05 Jun 2017) # (on behalf of Treecleaner project) # Unmaintained in Gentoo. Security vulnerability. No reverse # dependencies. Removal in 30 days. Bug #551216. www-apache/mod_jk
The package has been cleaned up as part of bug 551216. Can we close this bug?