For details see: https://dlcdn.apache.org//httpd/CHANGES_2.4.49
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/apache2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/apache2 b/lfs/apache2 index ff9de7eb7..e63489e8f 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -25,7 +25,7 @@
include Config
-VER = 2.4.48 +VER = 2.4.49
THISAPP = httpd-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a7088cec171b0d00bf43394ce64d3909 +$(DL_FILE)_MD5 = f294efbeabcf6027fccc7983a6daa55f
install : $(TARGET)
Hi Matthias,
thanks for submitting this.
Skimming through https://httpd.apache.org/security/vulnerabilities_24.html, I think IPFire is vulnerable to CVE-2021-34798 ("moderate: NULL pointer dereference in httpd core") only. CVE-2021-39275 would require 3rd party modules, which we don't use, and the rest applies to mod_proxy, which we don't use either IMHO.
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Thanks, and best regards, Peter Müller
For details see: https://dlcdn.apache.org//httpd/CHANGES_2.4.49
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
lfs/apache2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/apache2 b/lfs/apache2 index ff9de7eb7..e63489e8f 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -25,7 +25,7 @@
include Config
-VER = 2.4.48 +VER = 2.4.49
THISAPP = httpd-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a7088cec171b0d00bf43394ce64d3909 +$(DL_FILE)_MD5 = f294efbeabcf6027fccc7983a6daa55f
install : $(TARGET)
-
Matthias Fischer -
Peter Müller