Ubuntu Security Notice 4558-1 - It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash.
0f30c7af281d84dac651e300978d28e37afc2f319de0fb84cbac40a96464d2a9
Debian Linux Security Advisory 4541-1 - Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed.
649abb20d20f62be6dba27057de7c84ad5ccc7c42bdd2436d183fc52cfd6395d