libapache-mod-jk (1:1.2.49-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/java-team/libapache-mod-jk.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 221184
Browser: https://salsa.debian.org/java-team/libapache-mod-jk
Last scan: 2024-04-24 15:05:20+00
Next scan: 2024-04-30 16:14:00+00

Debian changelog in Git:

libapache-mod-jk (1:1.2.49-1) unstable; urgency=high

  * New upstream version 1.2.49.
    - Fix CVE-2023-41081:
      The mod_jk component of Apache Tomcat Connectors in some circumstances,
      such as when a configuration included "JkOptions +ForwardDirectories" but
      the configuration did not provide explicit mounts for all possible
      proxied requests, mod_jk would use an implicit mapping and map the
      request to the first defined worker. Such an implicit mapping could
      result in the unintended exposure of the status worker and/or bypass
      security constraints configured in httpd. As of JK 1.2.49, the implicit
      mapping functionality has been removed and all mappings must now be via
      explicit configuration. (Closes: #1051956)
      Thanks to Salvatore Bonaccorso for the report.

 -- Markus Koschany <apo@debian.org>  Fri, 15 Sep 2023 00:25:01 +0200

This branch is even with tag debian/1%1.2.49-1