From 55ad4073e1d300aca8d2f10fee697b78a693e02a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= <rouca@debian.org>
Date: Fri, 26 Apr 2024 19:00:52 +0000
Subject: CVE-2024-24795/uwsgi

Add uwsgi due to embeded source of apache2 module
---
 data/CVE/list | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index 1c818dba06..83a26e6c51 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6609,11 +6609,14 @@ CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...)
 	{DSA-5662-1}
 	- apache2 2.4.59-1 (bug #1068412)
+	- uwsgi <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795
 	NOTE: https://github.com/apache/httpd/commit/a29723ce1af75eed0813c3717d3f6dee9b405ca8
 	NOTE: Fix will trigger a regression at least in fossil see https://bz.apache.org/bugzilla/show_bug.cgi?id=68905
 	NOTE: Fossil fix here: https://fossil-scm.org/home/info/f4ffefe708793b03
+	NOTE: uwsgi include sources of uwgi apache2 module. Since buster we compile the uwsgi module of apache2 source package.
+	NOTE: https://github.com/unbit/uwsgi/issues/2635
 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...)
 	{DSA-5662-1}
 	- apache2 2.4.59-1 (bug #1068412)
-- 
cgit v1.2.3