Le 03/05/2021 à 23:29, Atle Solbakken a écrit : > Package: apache2 > Version: 2.4.38-3+deb10u4 > Severity: normal > Tags: patch > > Hi > > The current version has a race condition in mod_unique_id causing non-unique > IDs to be > generated (multiple threads are using a counter without any mutex). > > I've encountered the issue in a production situation myself. > > There issue has been fixed upstream. > > https://svn.apache.org/viewvc?view=revision&revision=1887244 > https://svn.apache.org/viewvc?view=revision&revision=1887245 > > I've tried to compile the patch on top of the current stable version 2.0.38 > which seems > to work. Upstream, the patch is only available from 2.0.47 and it's currently > in experimental. > > Maybe it can be applied to 2.0.38 aswell. > > Best regards > Atle Solbakken
Hi, Debian Buster is "stable", it means that to avoid regression, only critical patches are applies (security or grave bug). So this patch won't probably be accepted by Debian release team. This bug will be fixed in Debian unstable with Apache 2.0.48 and be part of: * next Debian 12 (~2023) * Debian backports for Bullseye * maybe Debian backports for Buster (buster-backports-sloppy) Cheers, Yadd
