[Bug 245284] www/apache24: Security Update to 2.4.43

Thu Apr 2 14:16:01 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245284

            Bug ID: 245284
           Summary: www/apache24: Security Update to 2.4.43
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: apache at FreeBSD.org
          Reporter: pascal.christen at hostpoint.ch
          Assignee: apache at FreeBSD.org
             Flags: maintainer-feedback?(apache at FreeBSD.org)

Created attachment 212981
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=212981&action=edit
Apache Update to 2.4.43

Changes with Apache 2.4.43

  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

  *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]

https://downloads.apache.org//httpd/CHANGES_2.4.43

-- 
You are receiving this mail because:
You are the assignee for the bug.