281454 – Apache 2.2.13 has been released, fixing numerous bugs and security flaws.

Bug 281454 - Apache 2.2.13 has been released, fixing numerous bugs and security flaws.

Summary: Apache 2.2.13 has been released, fixing numerous bugs and security flaws.

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement
Assignee:	Apache Team - Bugzilla Reports

URL:	http://httpd.apache.org/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-08-14 11:23 UTC by Milos Ivanovic
Modified:	2009-08-26 08:16 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Milos Ivanovic 2009-08-14 11:23:53 UTC

Can the Apache 2.2.13 package please be added to the ~arch tree?

Changes with Apache 2.2.13

  *) SECURITY: CVE-2009-2412 (cve.mitre.org)
     Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow
     in pools and rmm, where size alignment was taking place.
     [Matt Lewis <mattlewis@google.com>, Sander Striker]

  *) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas.  Report
     warnings compiling mod_ssl against OpenSSL to the httpd developers.
     [Guenter Knauf]

  *) mod_cgid: Do not add an empty argument when calling the CGI script.
     PR 46380 [Ruediger Pluem]

  *) Fix potential segfaults with use of the legacy ap_rputs() etc
     interfaces, in cases where an output filter fails.  PR 36780.
     [Joe Orton]

Reproducible: Always

Steps to Reproduce:

Comment 1 Alex Legler (RETIRED) archtester

2009-08-14 11:28:56 UTC

FYI: The apr flaws are already addressed in bug 280514.

Comment 2 Benedikt Böhm (RETIRED) gentoo-dev

2009-08-26 08:16:15 UTC

in cvs, thanks