From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] apache: Update to 2.4.51
Date: Sat, 09 Oct 2021 13:03:13 +0200
Message-ID: <56b30f98-c3aa-5247-cf93-19609e5c0714@ipfire.org>
In-Reply-To: <20211008171240.1867-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8175429924475194954=="
List-Id: <development.lists.ipfire.org>

--===============8175429924475194954==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Several security fixes in those new versions so definitely worth updating. :+=
1:

Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>

On 08/10/2021 19:12, Matthias Fischer wrote:
> For details see (2.49):
> https://dlcdn.apache.org//httpd/CHANGES_2.4.49
>
> For 2.51:
> https://dlcdn.apache.org//httpd/CHANGES_2.4.51
>
> "SECURITY: CVE-2021-42013: Path Traversal and Remote Code
> Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
> fix of CVE-2021-41773) (cve.mitre.org)
> It was found that the fix for CVE-2021-41773 in Apache HTTP
> Server 2.4.50 was insufficient..."
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
>   lfs/apache2 | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lfs/apache2 b/lfs/apache2
> index ff9de7eb7..b4064cee0 100644
> --- a/lfs/apache2
> +++ b/lfs/apache2
> @@ -25,7 +25,7 @@
>  =20
>   include Config
>  =20
> -VER        =3D 2.4.48
> +VER        =3D 2.4.51
>  =20
>   THISAPP    =3D httpd-$(VER)
>   DL_FILE    =3D $(THISAPP).tar.bz2
> @@ -45,7 +45,7 @@ objects =3D $(DL_FILE)
>  =20
>   $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>  =20
> -$(DL_FILE)_MD5 =3D a7088cec171b0d00bf43394ce64d3909
> +$(DL_FILE)_MD5 =3D d2793fc1c8cb8ba355cee877d1f2d46d
>  =20
>   install : $(TARGET)
>  =20

--===============8175429924475194954==--