Summary: | <www-servers/apache-2.4.53: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | apache-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 830888, 835150 | ||
Bug Blocks: |
Description
Sam James
2022-03-14 10:47:10 UTC
Please bump to 2.4.53. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6702959733ce8fd21a656f3bd9d1792b4700b19c commit 6702959733ce8fd21a656f3bd9d1792b4700b19c Author: Hans de Graaff <graaff@gentoo.org> AuthorDate: 2022-03-14 16:24:01 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2022-03-14 16:24:01 +0000 www-servers/apache: add 2.4.53 Bug: https://bugs.gentoo.org/835131 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Hans de Graaff <graaff@gentoo.org> www-servers/apache/Manifest | 1 + www-servers/apache/apache-2.4.53.ebuild | 259 ++++++++++++++++++++++++++++++++ 2 files changed, 260 insertions(+) Not changed yet: *) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x) for regular expression evaluation. This depends on locating pcre2-config. [William Rowe, Petr Pisar <ppisar redhat.com>, Rainer Jung] This will require changes in the apache-2.eclass and is probably best left for a non-security revision. (In reply to Hans de Graaff from comment #3) > Not changed yet: > > *) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x) > for regular expression evaluation. This depends on locating > pcre2-config. > [William Rowe, Petr Pisar <ppisar redhat.com>, Rainer Jung] > > This will require changes in the apache-2.eclass and is probably best left > for a non-security revision. Thanks! Filed that bit as bug 835151 too so we don't forget. Please cleanup, thanks! commit efdc96d17e9a8468e478d351b8546a2526f24a2c Author: Conrad Kostecki <conikost@gentoo.org> Date: Sat Jul 9 22:44:47 2022 +0200 www-servers/apache: drop 2.4.53, 2.4.53-r1 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=7809350d99ef042a9f97a7a6edcb9ca5c28db476 commit 7809350d99ef042a9f97a7a6edcb9ca5c28db476 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 00:09:33 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-14 00:11:42 +0000 [ GLSA 202208-20 ] Apache HTTPD: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/813429 Bug: https://bugs.gentoo.org/816399 Bug: https://bugs.gentoo.org/816864 Bug: https://bugs.gentoo.org/829722 Bug: https://bugs.gentoo.org/835131 Bug: https://bugs.gentoo.org/850622 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-20.xml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) GLSA released, all done! |