[Bug 245284] www/apache24: Security Update to 2.4.43
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Apr 2 14:16:01 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245284
Bug ID: 245284
Summary: www/apache24: Security Update to 2.4.43
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: apache at FreeBSD.org
Reporter: pascal.christen at hostpoint.ch
Assignee: apache at FreeBSD.org
Flags: maintainer-feedback?(apache at FreeBSD.org)
Created attachment 212981
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=212981&action=edit
Apache Update to 2.4.43
Changes with Apache 2.4.43
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
*) SECURITY: CVE-2020-1927 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
https://downloads.apache.org//httpd/CHANGES_2.4.43
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-apache
mailing list