diff mbox series

[v1,1/2] package/apache: security bump to version 2.4.50

Message ID 20211005190928.17057-1-ps.report@gmx.net
State Accepted
Headers show
Series [v1,1/2] package/apache: security bump to version 2.4.50 | expand

Commit Message

Peter Seiderer Oct. 5, 2021, 7:09 p.m. UTC 
Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2].

[1] https://downloads.apache.org/httpd/CHANGES_2.4.50
[2] https://httpd.apache.org/security/vulnerabilities_24.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/apache/apache.hash | 6 +++---
 package/apache/apache.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Peter Korsgaard Oct. 7, 2021, 8:16 p.m. UTC | #1 
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:

 > Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2].
 > [1] https://downloads.apache.org/httpd/CHANGES_2.4.50
 > [2] https://httpd.apache.org/security/vulnerabilities_24.html

 > Signed-off-by: Peter Seiderer <ps.report@gmx.net>

Committed, thanks.

I see that there is already a 2.4.51 release with additional fixes for
CVE-2021-41773, care to send a patch for that?

https://downloads.apache.org/httpd/CHANGES_2.4.51
Peter Korsgaard Oct. 9, 2021, 11:47 a.m. UTC | #2 
>>>>> "Peter" == Peter Seiderer <ps.report@gmx.net> writes:

 > Fixes CVE-2021-41524 and CVE-2021-41773, for details see [1] and [2].
 > [1] https://downloads.apache.org/httpd/CHANGES_2.4.50
 > [2] https://httpd.apache.org/security/vulnerabilities_24.html

 > Signed-off-by: Peter Seiderer <ps.report@gmx.net>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
diff mbox series

Patch

diff --git a/package/apache/apache.hash b/package/apache/apache.hash
index 49efefebb9..abcb79f14d 100644
--- a/package/apache/apache.hash
+++ b/package/apache/apache.hash
@@ -1,5 +1,5 @@ 
-# From http://archive.apache.org/dist/httpd/httpd-2.4.49.tar.bz2.{sha256,sha512}
-sha256  65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b  httpd-2.4.49.tar.bz2
-sha512  418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd  httpd-2.4.49.tar.bz2
+# From https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.bz2.{sha256,sha512}
+sha256  6a2817c070c606682eb53ed963511407d3c3d7a379cdf855971467b00fb3890f  httpd-2.4.50.tar.bz2
+sha512  b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158  httpd-2.4.50.tar.bz2
 # Locally computed
 sha256  47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43  LICENSE
diff --git a/package/apache/apache.mk b/package/apache/apache.mk
index ae2fb70535..e355ff71bf 100644
--- a/package/apache/apache.mk
+++ b/package/apache/apache.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-APACHE_VERSION = 2.4.49
+APACHE_VERSION = 2.4.50
 APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
 APACHE_SITE = http://archive.apache.org/dist/httpd
 APACHE_LICENSE = Apache-2.0