81267 – apache 2.0.53 (version bump)

Bug 81267 - apache 2.0.53 (version bump)

Summary: apache 2.0.53 (version bump)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All All

Importance:	High enhancement (vote)
Assignee:	Apache Team - Bugzilla Reports

URL:	http://mirror.switch.ch/mirror/apache...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-08 10:48 UTC by Tobias Sager
Modified:	2005-03-03 16:18 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Sager 2005-02-08 10:48:48 UTC

apache 2.0.53 is out. Two security fixes:
<snip>
  *) SECURITY: CAN-2004-0942 (cve.mitre.org)
     Fix for memory consumption DoS in handling of MIME folded request
     headers.  [Joe Orton]

  *) SECURITY: CAN-2004-0885 (cve.mitre.org)
     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
     bypassed during an SSL renegotiation.  PR 31505.  
     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
</snip>

Comment 1 Paul Querna 2005-02-08 11:21:58 UTC

Both of these are Patched by the current ebuild. This is not a security issue.

Comment 2 Curtis Magyar 2005-02-08 18:48:40 UTC

Re #1:

Fixed in net-www/apache-2.0.52-r2 or r3?  Because r3 is in package.mask isn't it?

Comment 3 Curtis Magyar 2005-02-08 18:57:40 UTC

Nevermind.  I didn't realize these bugs were from September.

Comment 4 Elfyn McBratney (beu) (RETIRED) gentoo-dev

2005-02-08 19:42:25 UTC

The fixes for the the CAN's mentioned are applied to >=apache-2.0.52-r1.

Comment 5 Elfyn McBratney (beu) (RETIRED) gentoo-dev

2005-03-03 16:18:07 UTC

Bumped in CVS.