==========================================================================
Ubuntu Security Notice USN-6770-1
May 09, 2024

fossil regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 24.04 LTS
• Ubuntu 23.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 LTS
• Ubuntu 16.04 LTS

Summary:

Fossil regression

Software Description:

• fossil: DSCM with built-in wiki, http interface and server, tickets datab

Details:

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The
update lead to the discovery of a regression in Fossil with
regards to the handling of POST requests that do not have a
Content-Length field set. This update fixes the problem.

We apologize for the inconvenience.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
fossil 1:2.23-1ubuntu0.1

Ubuntu 23.10
fossil 1:2.22-1ubuntu0.1

Ubuntu 22.04 LTS
fossil 1:2.18-1ubuntu0.1

Ubuntu 20.04 LTS
fossil 1:2.10-1ubuntu0.1

Ubuntu 18.04 LTS
fossil 1:2.5-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
fossil 1:1.33-3ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6770-1
https://launchpad.net/bugs/2064509

Package Information:
https://launchpad.net/ubuntu/+source/fossil/1:2.23-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.22-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.18-1ubuntu0.1
https://launchpad.net/ubuntu/+source/fossil/1:2.10-1ubuntu0.1