Bug 381297 - www-servers/apache-2.2.20: version bump (CVE-2011-3192)
Status: RESOLVED DUPLICATE of bug 380475
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Linux bug wranglers
URL: http://apache.imsam.info//httpd/CHANG...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-31 13:37 UTC by cilly
Modified: 2011-08-31 14:04 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description cilly 2011-08-31 13:37:40 UTC
version bump, pls

Changes with Apache 2.2.20

  *) SECURITY: CVE-2011-3192 (cve.mitre.org)
     core: Fix handling of byte-range requests to use less memory, to avoid
     denial of service. If the sum of all ranges in a request is larger than
     the original file, ignore the ranges and send the complete file.
     PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]

  *) mod_authnz_ldap: If the LDAP server returns constraint violation,
     don't treat this as an error but as "auth denied". [Stefan Fritsch]

  *) mod_filter: Fix FilterProvider conditions of type "resp=" (response
     headers) for CGI. [Joe Orton, Rainer Jung]

  *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
     state after a timeout when discarding a request body. PR 51103.
     [Stefan Fritsch]

  *) core: Do the hook sorting earlier so that the hooks are properly sorted
     for the pre_config hook and during parsing the config. [Stefan Fritsch]
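
The CVE-2011-3192 changelog entry above states the rule "if the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file". The following is an added illustration of that rule, not Apache httpd's code and not part of the original report; the function names `resolve_ranges` and `decide`, the return labels, and the sample headers are assumptions constructed for this example.

```python
import re

# One byte-range-spec: "first-last", "first-" or the suffix form "-N".
_SPEC = re.compile(r"(\d*)-(\d*)", re.ASCII)

def resolve_ranges(header, size):
    """Resolve a Range header to [(first, last)] byte pairs for a file of
    `size` bytes. None means the header is malformed and should be ignored."""
    unit, _, rest = header.partition("=")
    specs = [s.strip() for s in rest.split(",") if s.strip()]
    if unit.strip().lower() != "bytes" or not specs:
        return None
    resolved = []
    for spec in specs:
        m = _SPEC.fullmatch(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None                     # not a range spec, or a bare "-"
        first, last = m.groups()
        if not first:                       # suffix form "-N": last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            if last and int(last) < start:
                return None                 # last < first is invalid
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:                    # drop ranges past end of file
            resolved.append((start, end))
    return resolved

def decide(header, size):
    """Apply the changelog's rule: 'full' (ignore ranges, send whole file),
    'partial' (serve the ranges) or '416' (no satisfiable range)."""
    ranges = resolve_ranges(header, size)
    if ranges is None:
        return "full"                       # malformed header is ignored
    if not ranges:
        return "416"
    total = sum(last - first + 1 for first, last in ranges)
    return "full" if total > size else "partial"

if __name__ == "__main__":
    # Constructed sample headers against a 1000-byte file.
    for hdr in ("bytes=0-99,200-299", "bytes=0-499,250-999", "bytes=5000-"):
        print(hdr, "->", decide(hdr, 1000))
```

The comparison is on the summed length of the resolved ranges, so a single range covering the whole file is still served as a partial response, while overlapping ranges that together exceed the file size fall back to the complete file.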
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-08-31 14:04:05 UTC

*** This bug has been marked as a duplicate of bug 380475 ***