From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] apache: Update to 2.4.49
Date: Sat, 18 Sep 2021 16:08:42 +0000
Message-ID: <4aaca06f-c794-c287-aa50-c5da0bfbc51d@ipfire.org>
In-Reply-To: <20210918134743.8100-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6736158033428441061=="
List-Id: <development.lists.ipfire.org>

--===============6736158033428441061==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Matthias,

thanks for submitting this.

Skimming through https://httpd.apache.org/security/vulnerabilities_24.html, I=
 think IPFire is
vulnerable to CVE-2021-34798 ("moderate: NULL pointer dereference in httpd co=
re") only. CVE-2021-39275
would require 3rd party modules, which we don't use, and the rest applies to =
mod_proxy, which
we don't use either IMHO.

Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

Thanks, and best regards,
Peter M=C3=BCller


> For details see:
> https://dlcdn.apache.org//httpd/CHANGES_2.4.49
>=20
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
>   lfs/apache2 | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/lfs/apache2 b/lfs/apache2
> index ff9de7eb7..e63489e8f 100644
> --- a/lfs/apache2
> +++ b/lfs/apache2
> @@ -25,7 +25,7 @@
>  =20
>   include Config
>  =20
> -VER        =3D 2.4.48
> +VER        =3D 2.4.49
>  =20
>   THISAPP    =3D httpd-$(VER)
>   DL_FILE    =3D $(THISAPP).tar.bz2
> @@ -45,7 +45,7 @@ objects =3D $(DL_FILE)
>  =20
>   $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>  =20
> -$(DL_FILE)_MD5 =3D a7088cec171b0d00bf43394ce64d3909
> +$(DL_FILE)_MD5 =3D f294efbeabcf6027fccc7983a6daa55f
>  =20
>   install : $(TARGET)
>  =20
>=20

--===============6736158033428441061==--