Hi Matthias,

thanks for submitting this.

Skimming through https://httpd.apache.org/security/vulnerabilities_24.html, I think IPFire is
vulnerable to CVE-2021-34798 ("moderate: NULL pointer dereference in httpd core") only. CVE-2021-39275
would require 3rd party modules, which we don't use, and the rest applies to mod_proxy, which
we don't use either IMHO.

Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

Thanks, and best regards,
Peter Müller


> For details see:
> https://dlcdn.apache.org//httpd/CHANGES_2.4.49
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
>   lfs/apache2 | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/apache2 b/lfs/apache2
> index ff9de7eb7..e63489e8f 100644
> --- a/lfs/apache2
> +++ b/lfs/apache2
> @@ -25,7 +25,7 @@
>   
>   include Config
>   
> -VER        = 2.4.48
> +VER        = 2.4.49
>   
>   THISAPP    = httpd-$(VER)
>   DL_FILE    = $(THISAPP).tar.bz2
> @@ -45,7 +45,7 @@ objects = $(DL_FILE)
>   
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   
> -$(DL_FILE)_MD5 = a7088cec171b0d00bf43394ce64d3909
> +$(DL_FILE)_MD5 = f294efbeabcf6027fccc7983a6daa55f
>   
>   install : $(TARGET)
>   
>