By specially crafting HTTP requests, the mod_md challenge handler would
dereference a NULL pointer and cause the child process to segfault. This
could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34
@ Maintainer(s): Can we start stabilization of =www-servers/apache-2.4.34-r1?
low: DoS for HTTP/2 connections by crafted requests (CVE-2018-1333)
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default
Acknowledgements: The issue was discovered by Craig Young of Tripwire VERT.
Stable on alpha.
all arches done
GLSA Vote: no
@Maintainers please cleanup older versions.
@maintainer, is cleanup on hold?
cleanup will happen in bug #676064