git.99rst.org / openwrt-packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cdcbe88)
apache: security bump to 2.4.46
authorSebastian Kemper <redacted>
Sat, 8 Aug 2020 14:15:43 +0000 (16:15 +0200)
committerSebastian Kemper <redacted>
Sat, 8 Aug 2020 14:15:46 +0000 (16:15 +0200)
commitd4addd14c0c1122c0a597c1da180f694bcfd5754
tree38b47317851a4b730857d7fa515dfddac3330563tree | snapshot
parentcdcbe880df459e98a0153adb789321b87c98f1b1commit | diff
apache: security bump to 2.4.46

From CHANGES_2.4:

SECURITY: CVE-2020-11984 (cve.mitre.org)
  mod_proxy_uwsgi: Malicious request may result in information disclosure
  or RCE of existing file on the server running under a malicious process
  environment. [Yann Ylavic]

SECURITY: CVE-2020-11993 (cve.mitre.org)
  mod_http2: when throttling connection requests, log statements
  where possibly made that result in concurrent, unsafe use of
  a memory pool. [Stefan Eissing]

SECURITY:
  mod_http2: a specially crafted value for the 'Cache-Digest' header
  request would result in a crash when the server actually tries
  to HTTP/2 PUSH a resource afterwards.
  [Stefan Eissing, Eric Covener, Christophe Jaillet]

Signed-off-by: Sebastian Kemper <redacted>
net/apache/Makefile diff | blob | history
git clone https://git.99rst.org/PROJECT