Debian 10 Buster: DLA-3819-1 Moderate: Apache Security Fix for Fossil
debian lts
May 25, 2024
Fossil was broken by fixes of CVE-2024-24795 for apache2 package, and needed an update
Topics Covered
Summary
As part of the security fix, the Apache webserver
mod_cgi module has stopped relaying the Content-Length field
of the HTTP reply header from the CGI programs back to the client
in cases where the connection is to be closed and the client
is able to read until end-of-file.
Fossil was fixed by reading the whole input,
re-allocating the input buffer to fit as more input is received,
instead of trusting the CONTENT_LENGTH variable.
For Debian 10 buster, this problem has been fixed in version
1:2.8-1+deb10u1.
We recommend that you upgrade your fossil packages.
For the detailed security status of fossil please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/fossil
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS 
NEXT Package: fossil
Version: 1:2.8-1+deb10u1
CVE ID: CVE-2024-24795
Debian Bug: 1070069
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!