Added wrong patch by mistake.

Resolves: RHEL-182418 - mod_http2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)
2026-06-08 10:05:01 +02:00 · 2026-06-08 10:05:01 +02:00 · aa463ee2f5
commit aa463ee2f5
parent b245fef7f0
1 changed files with 2 additions and 2 deletions
--- a/mod_http2-1.15.7-CVE-2026-49975.patch
+++ b/mod_http2-1.15.7-CVE-2026-49975.patch
@ -20,8 +20,8 @@ index c20e879..6b683ab 100644
     else if (H2_HD_MATCH_LIT("cookie", name, nlen)) {
         existing = apr_table_get(headers, "Cookie");
         if (existing) {
-+            if (!nv->valuelen)
-+                return APR_SUCCESS
+            if (!vlen)
+                return APR_SUCCESS;
             /* Cookie headers come separately in HTTP/2, but need
              * to be merged by "; " (instead of default ", ")
              */