Re: Is apache24-2.4.54 vulnerable ?

From: moto kawasaki <moto_at_kawasaki3.org>
Date: Thu, 09 Jun 2022 23:51:55 UTC
Hi ISHIZUKA san,

It seems like true for apache24-2.4.53 and prior, and fixed version is
...2.4.54.

See also Apache httpd's Security Reports page:
https://httpd.apache.org/security/vulnerabilities_24.html

Thanks.


-- 
moto kawasaki <moto@kawasaki3.org>




on Fri, 10 Jun 2022 08:15:07 +0900 (JST), Masachika ISHIZUKA <ish@amail.plala.or.jp> wrote:

> % uname -a
> FreeBSD peach.ish.org 13.1-RELEASE FreeBSD 13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC amd64
> % pkg audit -F
> vulnxml file up-to-date
> apache24-2.4.54 is vulnerable:
> Apache httpd -- Multiple vulnerabilities
>   CVE: CVE-2022-26377
>   CVE: CVE-2022-28330
>   CVE: CVE-2022-28614
>   CVE: CVE-2022-28615
>   CVE: CVE-2022-29404
>   CVE: CVE-2022-30522
>   CVE: CVE-2022-30556
>   CVE: CVE-2022-31813
>   WWW: https://vuxml.FreeBSD.org/freebsd/49adfbe5-e7d1-11ec-8fbd-d4c9ef517024.html
> 1 problem(s) in 1 installed package(s) found.
> 
>   Is this report true for apache24-2.4.54 ?
> -- 
> Masachika ISHIZUKA
>