245284 – www/apache24: Security Update to 2.4.43

Bug 245284 - www/apache24: Security Update to 2.4.43

Summary: www/apache24: Security Update to 2.4.43

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-apache (Nobody)

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2020-04-02 14:06 UTC by Pascal Christen
Modified:	2020-04-02 14:24 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (apache)

Attachments
Apache Update to 2.4.43 (647 bytes, patch) 2020-04-02 14:06 UTC, Pascal Christen	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pascal Christen 2020-04-02 14:06:21 UTC

Created attachment 212981 [details]
Apache Update to 2.4.43

Changes with Apache 2.4.43

  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

  *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]


https://downloads.apache.org//httpd/CHANGES_2.4.43

Comment 1 Pascal Christen 2020-04-02 14:24:26 UTC

Revision 530372 - (show annotations) (download)
Thu Apr 2 14:05:13 2020 UTC (18 minutes, 8 seconds ago) by joneum
File MIME type: text/plain
File size: 7993 byte(s)
Update to 2.4.43

Got updated at the same time as I opened the issue