Bug 245284

Summary:

www/apache24: Security Update to 2.4.43

Product:

Ports & Packages

Reporter:

Pascal Christen <pascal.christen>

Component:

Individual Port(s)

Assignee:

freebsd-apache (Nobody) <apache>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

pascal.christen

Priority:

---

Keywords:

security

Version:

Latest

Flags:

bugzilla: maintainer-feedback? (apache)

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Apache Update to 2.4.43	none

Description Pascal Christen 2020-04-02 14:06:21 UTC

Created attachment 212981 [details]
Apache Update to 2.4.43

Changes with Apache 2.4.43

  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

  *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]


https://downloads.apache.org//httpd/CHANGES_2.4.43

Comment 1 Pascal Christen 2020-04-02 14:24:26 UTC

Revision 530372 - (show annotations) (download)
Thu Apr 2 14:05:13 2020 UTC (18 minutes, 8 seconds ago) by joneum
File MIME type: text/plain
File size: 7993 byte(s)
Update to 2.4.43

Got updated at the same time as I opened the issue