==========================================================================
Ubuntu Security Notice USN-6770-1
May 09, 2024

fossil regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Fossil regression

Software Description:
- fossil: DSCM with built-in wiki, http interface and server, tickets datab

Details:

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The
update lead to the discovery of a regression in Fossil with
regards to the handling of POST requests that do not have a
Content-Length field set. This update fixes the problem.

We apologize for the inconvenience.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   fossil                          1:2.23-1ubuntu0.1

Ubuntu 23.10
   fossil                          1:2.22-1ubuntu0.1

Ubuntu 22.04 LTS
   fossil                          1:2.18-1ubuntu0.1

Ubuntu 20.04 LTS
   fossil                          1:2.10-1ubuntu0.1

Ubuntu 18.04 LTS
   fossil                          1:2.5-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   fossil                          1:1.33-3ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6770-1
   https://launchpad.net/bugs/2064509

Package Information:
   https://launchpad.net/ubuntu/+source/fossil/1:2.23-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/fossil/1:2.22-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/fossil/1:2.18-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/fossil/1:2.10-1ubuntu0.1