Date: Mon, 14 Mar 2022 19:02:51 +0000 From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: maintainer-feedback requested: [Bug 262557] [PATCH] www/apache24 - Update to 2.4.53 (Fix CVEs) see https://reviews.freebsd.org/D34549 Message-ID: <bug-262557-16115-XdElNfeVZY@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-262557-16115@https.bugs.freebsd.org/bugzilla/> References: <bug-262557-16115@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Cy Schubert <cy@FreeBSD.org> has asked freebsd-apache (Nobody) <apache@FreeBSD.org> for maintainer-feedback: Bug 262557: [PATCH] www/apache24 - Update to 2.4.53 (Fix CVEs) see https://reviews.freebsd.org/D34549 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D262557 --- Description --- Please see https://reviews.freebsd.org/D34549 for the patch. 2.4.53 fixes the following CVEs" - CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier - CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of= in r:parsebody - CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with v= ery large or unlimited LimitXMLRequestBody
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-262557-16115-XdElNfeVZY>