Bug 269015

Summary:

[PATCH] www/apache24: UPdate to 2.4.55

Product:

Ports & Packages

Reporter:

Cy Schubert <cy>

Component:

Individual Port(s)

Assignee:

Cy Schubert <cy>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

joneum, michael.osipov

Priority:

---

Flags:

bugzilla: maintainer-feedback? (apache)

Version:

Latest

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
update to 2.4.55 fixing multiple vulnerabilities	none

Description Cy Schubert freebsd_committer

2023-01-17 20:41:51 UTC

Created attachment 239542 [details]
update to 2.4.55 fixing multiple vulnerabilities

Fix multiple vulnerabilities.

Comment 1 commit-hook freebsd_committer

2023-01-17 21:13:34 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=57ca2ea50da81d0223f6c3660a704f7098cac282

commit 57ca2ea50da81d0223f6c3660a704f7098cac282
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-01-17 20:36:12 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-01-17 21:12:13 +0000

    www/apache24: Update to 2.4.55

    Fixes multiple vulnerabilities.

    PR:             269015
    MFH:            2023Q1
    Security:       00919005-96a3-11ed-86e9-d4c9ef517024
                    CVE-2022-37436, CVE-2022-36760, CVE-2006-20001

 www/apache24/Makefile  | 2 +-
 www/apache24/distinfo  | 6 +++---
 www/apache24/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

Comment 2 commit-hook freebsd_committer

2023-01-17 23:10:56 UTC

A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0d6517d860aa56a7c4e2e976c10ff8516a4857f9

commit 0d6517d860aa56a7c4e2e976c10ff8516a4857f9
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2023-01-17 20:36:12 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-01-17 23:10:00 +0000

    www/apache24: Update to 2.4.55

    Fixes multiple vulnerabilities.

    PR:             269015
    Security:       00919005-96a3-11ed-86e9-d4c9ef517024
                    CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
    (cherry picked from commit 57ca2ea50da81d0223f6c3660a704f7098cac282)

 www/apache24/Makefile  | 2 +-
 www/apache24/distinfo  | 6 +++---
 www/apache24/pkg-plist | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

Comment 3 Jochen Neumeister freebsd_committer

2023-01-18 06:32:38 UTC

for the documentation:
this has not been released by the Apache team and it is not a timeout.

Comment 4 Cy Schubert freebsd_committer

2023-01-18 16:48:25 UTC

My mistake. I misread the assignments. Ouch.

Comment 5 Michael Osipov 2023-01-23 07:50:39 UTC

This is already committed, any reason why issue is still open?