File _patchinfo of Package patchinfo.24658

<patchinfo incident="24658">
  <issue tracker="cve" id="2022-29404"/>
  <issue tracker="cve" id="2022-30556"/>
  <issue tracker="cve" id="2022-28615"/>
  <issue tracker="cve" id="2022-26377"/>
  <issue tracker="cve" id="2022-31813"/>
  <issue tracker="cve" id="2022-30522"/>
  <issue tracker="cve" id="2022-28614"/>
  <issue tracker="bnc" id="1200350">VUL-0: CVE-2022-30556: apache2: Information disclosure in mod_lua with websockets</issue>
  <issue tracker="bnc" id="1200345">VUL-0: CVE-2022-29404: apache2: Denial of service in mod_lua r:parsebody</issue>
  <issue tracker="bnc" id="1200352">VUL-0: CVE-2022-30522: apache2: mod_sed denial of service</issue>
  <issue tracker="bnc" id="1200340">VUL-0: CVE-2022-28614: apache2: read beyond bounds via ap_rwrite()</issue>
  <issue tracker="bnc" id="1200338">VUL-0: CVE-2022-26377: apache2:  possible request smuggling in mod_proxy_ajp</issue>
  <issue tracker="bnc" id="1200348">VUL-0: CVE-2022-31813: apache2: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism</issue>
  <issue tracker="bnc" id="1200341">VUL-0: CVE-2022-28615: apache2: Read beyond bounds in ap_strcmp_match()</issue>
  <packager>david.anes</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for apache2</summary>
  <description>This update for apache2 fixes the following issues:

- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
</description>
</patchinfo>