[Bug 288514] www/apache24: port may be updated to 2.4.65

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 288514] www/apache24: port may be updated to 2.4.65"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 28 Jul 2025 17:42:48 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288514

Vladimir Druzenko <vvd@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |merge-quarterly?
                URL|                            |https://downloads.apache.or
                   |                            |g/httpd/CHANGES_2.4.65

--- Comment #1 from Vladimir Druzenko <vvd@FreeBSD.org> ---
Fixed regression:

Changes with Apache 2.4.65
  *) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
     always evaluates to true in 2.4.64 (cve.mitre.org)
     A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
     expr ..." tests evaluating as "true".
     Users are recommended to upgrade to version 2.4.65, which fixes
     the issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.