maintainer-feedback requested: [Bug 245284] www/apache24: Security Update to 2.4.43
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Apr 2 14:06:41 UTC 2020
Bugzilla Automation <bugzilla at FreeBSD.org> has asked freebsd-apache mailing
list <apache at FreeBSD.org> for maintainer-feedback:
Bug 245284: www/apache24: Security Update to 2.4.43
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245284
--- Description ---
Changes with Apache 2.4.43
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
*) SECURITY: CVE-2020-1927 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
https://downloads.apache.org//httpd/CHANGES_2.4.43
More information about the freebsd-apache
mailing list