Message ID | 20211005190928.17057-1-ps.report@gmx.net |
---|---|
State | Accepted |
Headers | show |
Series | [v1,1/2] package/apache: security bump to version 2.4.50 | expand |
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes: > Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2]. > [1] https://downloads.apache.org/httpd/CHANGES_2.4.50 > [2] https://httpd.apache.org/security/vulnerabilities_24.html > Signed-off-by: Peter Seiderer <ps.report@gmx.net> Committed, thanks. I see that there is already a 2.4.51 release with additional fixes for CVE-2021-41773, care to send a patch for that? https://downloads.apache.org/httpd/CHANGES_2.4.51
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes: > Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2]. > [1] https://downloads.apache.org/httpd/CHANGES_2.4.50 > [2] https://httpd.apache.org/security/vulnerabilities_24.html > Signed-off-by: Peter Seiderer <ps.report@gmx.net> Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
diff --git a/package/apache/apache.hash b/package/apache/apache.hash index 49efefebb9..abcb79f14d 100644 --- a/package/apache/apache.hash +++ b/package/apache/apache.hash @@ -1,5 +1,5 @@ -# From http://archive.apache.org/dist/httpd/httpd-2.4.49.tar.bz2.{sha256,sha512} -sha256 65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b httpd-2.4.49.tar.bz2 -sha512 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd httpd-2.4.49.tar.bz2 +# From https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.bz2.{sha256,sha512} +sha256 6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f httpd-2.4.50.tar.bz2 +sha512 b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158 httpd-2.4.50.tar.bz2 # Locally computed sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE diff --git a/package/apache/apache.mk b/package/apache/apache.mk index ae2fb70535..e355ff71bf 100644 --- a/package/apache/apache.mk +++ b/package/apache/apache.mk @@ -4,7 +4,7 @@ # ################################################################################ -APACHE_VERSION = 2.4.49 +APACHE_VERSION = 2.4.50 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2 APACHE_SITE = http://archive.apache.org/dist/httpd APACHE_LICENSE = Apache-2.0
Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2]. [1] https://downloads.apache.org/httpd/CHANGES_2.4.50 [2] https://httpd.apache.org/security/vulnerabilities_24.html Signed-off-by: Peter Seiderer <ps.report@gmx.net> --- package/apache/apache.hash | 6 +++--- package/apache/apache.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)