Date: Thu, 02 Apr 2020 14:06:21 +0000 From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: maintainer-feedback requested: [Bug 245284] www/apache24: Security Update to 2.4.43 Message-ID: <bug-245284-16115-Pl0HH9CXXV@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-245284-16115@https.bugs.freebsd.org/bugzilla/> References: <bug-245284-16115@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-apache mailing list <apache@FreeBSD.org> for maintainer-feedback: Bug 245284: www/apache24: Security Update to 2.4.43 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D245284 --- Description --- Changes with Apache 2.4.43 *) SECURITY: CVE-2020-1934 (cve.mitre.org) mod_proxy_ftp: Use of uninitialized value with malicious backend FTP server. [Eric Covener] *) SECURITY: CVE-2020-1927 (cve.mitre.org) rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters. The fix for CVE-2019-10098 was not effective. [Ruediger Pluem] *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic] https://downloads.apache.org//httpd/CHANGES_2.4.43
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-245284-16115-Pl0HH9CXXV>