From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] apache: Update to 2.4.51
Date: Sat, 09 Oct 2021 13:15:35 +0100
Message-ID: <D4CBC9F0-4E44-4623-A887-12B341D7FE29@ipfire.org>
In-Reply-To: <20211008171240.1867-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1835046575670705786=="
List-Id: <development.lists.ipfire.org>

--===============1835046575670705786==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 8 Oct 2021, at 18:12, Matthias Fischer <matthias.fischer(a)ipfire.org> w=
rote:
>=20
> For details see (2.49):
> https://dlcdn.apache.org//httpd/CHANGES_2.4.49
>=20
> For 2.51:
> https://dlcdn.apache.org//httpd/CHANGES_2.4.51
>=20
> "SECURITY: CVE-2021-42013: Path Traversal and Remote Code
> Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
> fix of CVE-2021-41773) (cve.mitre.org)
> It was found that the fix for CVE-2021-41773 in Apache HTTP
> Server 2.4.50 was insufficient..."
>=20
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/apache2 | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/lfs/apache2 b/lfs/apache2
> index ff9de7eb7..b4064cee0 100644
> --- a/lfs/apache2
> +++ b/lfs/apache2
> @@ -25,7 +25,7 @@
>=20
> include Config
>=20
> -VER        =3D 2.4.48
> +VER        =3D 2.4.51
>=20
> THISAPP    =3D httpd-$(VER)
> DL_FILE    =3D $(THISAPP).tar.bz2
> @@ -45,7 +45,7 @@ objects =3D $(DL_FILE)
>=20
> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>=20
> -$(DL_FILE)_MD5 =3D a7088cec171b0d00bf43394ce64d3909
> +$(DL_FILE)_MD5 =3D d2793fc1c8cb8ba355cee877d1f2d46d
>=20
> install : $(TARGET)
>=20
> --=20
> 2.18.0
>=20


--===============1835046575670705786==--