godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-01 13:49:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
2018.02.x
buildroot/package/apache
History
Peter Korsgaard 35f240e39c package/apache: security bump to version 2.4.38 
Fixes the following security vulnerabilities:

  *) SECURITY: CVE-2018-17199 (cve.mitre.org)
     mod_session: mod_session_cookie does not respect expiry time allowing
     sessions to be reused.  [Hank Ibell]

  *) SECURITY: CVE-2018-17189 (cve.mitre.org)
     mod_http2: fixes a DoS attack vector. By sending slow request bodies
     to resources not consuming them, httpd cleanup code occupies a server
     thread unnecessarily. This was changed to an immediate stream reset
     which discards all stream state and incoming data.  [Stefan Eissing]

  *) SECURITY: CVE-2019-0190 (cve.mitre.org)
     mod_ssl: Fix infinite loop triggered by a client-initiated
     renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
     later.  PR 63052.  [Joe Orton]

For more details, see the CHANGES file:
https://www.apache.org/dist/httpd/CHANGES_2.4.38

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7675863549)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-29 19:29:39 +01:00
..
0001-cross-compile.patch
0002-nios2_is_not_os2.patch
apache.hash
package/apache: security bump to version 2.4.38
2019-01-29 19:29:39 +01:00
apache.mk
package/apache: security bump to version 2.4.38
2019-01-29 19:29:39 +01:00
Config.in
package/a*/Config.in: fix help text wrapping
2017-05-11 23:25:00 +02:00