[packages/apache] - up to 2.4.46;Fixes:
arekm
arekm at pld-linux.org
Tue Aug 18 22:18:10 CEST 2020
commit 67b26e16eb6adc53b721368fd1331fe47d3f170b
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Tue Aug 18 22:17:20 2020 +0200
- up to 2.4.46;Fixes:
*) SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information
disclosure or RCE of existing file on the server running under a malicious
process environment. [Yann Ylavic]
*) SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
where possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
*) SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefen Eissing, Eric Covener, Christophe Jaillet]
apache.spec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index 3b57eff..335c6bd 100644
--- a/apache.spec
+++ b/apache.spec
@@ -33,12 +33,12 @@ Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW
Summary(ru.UTF-8): Самый популярный веб-сервер
Summary(tr.UTF-8): Lider WWW tarayıcı
Name: apache
-Version: 2.4.43
+Version: 2.4.46
Release: 1
License: Apache v2.0
Group: Networking/Daemons/HTTP
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-# Source0-md5: 791c986b1e70fe61eb44060aacc89a64
+# Source0-md5: 7d661ea5e736dac5e2761d9f49fe8361
Source1: %{name}.init
Source2: %{name}.logrotate
Source3: %{name}.sysconfig
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/67b26e16eb6adc53b721368fd1331fe47d3f170b
More information about the pld-cvs-commit
mailing list