Bug 269015 - [PATCH] www/apache24: UPdate to 2.4.55
Summary: [PATCH] www/apache24: UPdate to 2.4.55
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Cy Schubert
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-17 20:41 UTC by Cy Schubert
Modified: 2023-01-23 16:30 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (apache)

Attachments
update to 2.4.55 fixing multiple vulnerabilities (1.73 KB, patch)
2023-01-17 20:41 UTC, Cy Schubert 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Cy Schubert freebsd_committer freebsd_triage 2023-01-17 20:41:51 UTC 
Created attachment 239542 [details]
update to 2.4.55 fixing multiple vulnerabilities

Fix multiple vulnerabilities.
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-01-17 21:13:34 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=57ca2ea50da81d0223f6c3660a704f7098cac282

commit 57ca2ea50da81d0223f6c3660a704f7098cac282
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-01-17 20:36:12 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-01-17 21:12:13 +0000

    www/apache24: Update to 2.4.55

    Fixes multiple vulnerabilities.

    PR:             269015
    MFH:            2023Q1
    Security:       00919005-96a3-11ed-86e9-d4c9ef517024
                    CVE-2022-37436, CVE-2022-36760, CVE-2006-20001

 www/apache24/Makefile  | 2 +-
 www/apache24/distinfo  | 6 +++---
 www/apache24/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-01-17 23:10:56 UTC 
A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0d6517d860aa56a7c4e2e976c10ff8516a4857f9

commit 0d6517d860aa56a7c4e2e976c10ff8516a4857f9
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-01-17 20:36:12 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-01-17 23:10:00 +0000

    www/apache24: Update to 2.4.55

    Fixes multiple vulnerabilities.

    PR:             269015
    Security:       00919005-96a3-11ed-86e9-d4c9ef517024
                    CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
    (cherry picked from commit 57ca2ea50da81d0223f6c3660a704f7098cac282)

 www/apache24/Makefile  | 2 +-
 www/apache24/distinfo  | 6 +++---
 www/apache24/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
Comment 3 Jochen Neumeister freebsd_committer freebsd_triage 2023-01-18 06:32:38 UTC 
for the documentation:
this has not been released by the Apache team and it is not a timeout.
Comment 4 Cy Schubert freebsd_committer freebsd_triage 2023-01-18 16:48:25 UTC 
My mistake. I misread the assignments. Ouch.
Comment 5 Michael Osipov 2023-01-23 07:50:39 UTC 
This is already committed, any reason why issue is still open?