From aa463ee2f5f7a7b16a7964f2c7d9305ea819851d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Mon, 8 Jun 2026 10:05:01 +0200
Subject: [PATCH] Added wrong patch by mistake.

Resolves: RHEL-182418 - mod_http2: HTTP/2: Remote Denial of Service via

  compression bomb and Slowloris-style attack (CVE-2026-49975)
---
 mod_http2-1.15.7-CVE-2026-49975.patch | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod_http2-1.15.7-CVE-2026-49975.patch b/mod_http2-1.15.7-CVE-2026-49975.patch
index 3fd541d..4919de4 100644
--- a/mod_http2-1.15.7-CVE-2026-49975.patch
+++ b/mod_http2-1.15.7-CVE-2026-49975.patch
@@ -20,8 +20,8 @@ index c20e879..6b683ab 100644
      else if (H2_HD_MATCH_LIT("cookie", name, nlen)) {
          existing = apr_table_get(headers, "Cookie");
          if (existing) {
-+            if (!nv->valuelen)
-+                return APR_SUCCESS
++            if (!vlen)
++                return APR_SUCCESS;
              /* Cookie headers come separately in HTTP/2, but need
               * to be merged by "; " (instead of default ", ")
               */