kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache24
History
adam c5a43e157a apache24: updated to 2.4.51 
Changes with Apache 2.4.51

*) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
   Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
   fix of CVE-2021-41773) (cve.mitre.org)
   It was found that the fix for CVE-2021-41773 in Apache HTTP
   Server 2.4.50 was insufficient.  An attacker could use a path
   traversal attack to map URLs to files outside the directories
   configured by Alias-like directives.
   If files outside of these directories are not protected by the
   usual default configuration "require all denied", these requests
   can succeed. If CGI scripts are also enabled for these aliased
   pathes, this could allow for remote code execution.
   This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
   earlier versions.

*) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
   unused AP_NORMALIZE_DROP_PARAMETERS flag.
2021-10-07 19:05:24 +00:00
..
files
patches Add expr suppoort in mod_subsitutre RHS, from upstream trunk 2020-05-04 12:26:37 +00:00
buildlink3.mk *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
DESCR
distinfo apache24: updated to 2.4.51 2021-10-07 19:05:24 +00:00
Makefile apache24: updated to 2.4.51 2021-10-07 19:05:24 +00:00
MESSAGE
options.mk On Arch Linux, at least, mod_md will be built (and cause a PLIST 2021-07-13 13:12:44 +00:00
PLIST apache: update to 2.4.48. 2021-06-04 09:47:15 +00:00