Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/09/16 07:58:13 UTC

svn commit: r49954 - in /release/httpd: CHANGES_2.4 CHANGES_2.4.49 CURRENT-IS-2.4.48 CURRENT-IS-2.4.49

Author: icing
Date: Thu Sep 16 07:58:13 2021
New Revision: 49954

Log:
publishing release httpd-2.4.49

Added:
    release/httpd/CURRENT-IS-2.4.49
Removed:
    release/httpd/CURRENT-IS-2.4.48
Modified:
    release/httpd/CHANGES_2.4
    release/httpd/CHANGES_2.4.49

Modified: release/httpd/CHANGES_2.4
==============================================================================
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Thu Sep 16 07:58:13 2021
@@ -1,6 +1,21 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.49
 
+  *) SECURITY: CVE-2021-40438 (cve.mitre.org)
+     mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
+
+  *) SECURITY: CVE-2021-39275 (cve.mitre.org)
+     core: ap_escape_quotes buffer overflow
+
+  *) SECURITY: CVE-2021-36160 (cve.mitre.org)
+     mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
+
+  *) SECURITY: CVE-2021-34798 (cve.mitre.org)
+     core: null pointer dereference on malformed request
+
+  *) SECURITY: CVE-2021-33193 (cve.mitre.org)
+     mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
+
   *) core/mod_proxy/mod_ssl:
      Adding `outgoing` flag to conn_rec, indicating a connection is
      initiated by the server to somewhere, in contrast to incoming
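Review bot: the added CVE-2021-40438 line misspells "vulnerability" as "vulnerabilty", which will break searches of the published CHANGES file for that word. The CVE-2021-36160 line also reads "Out of bound read" where "Out of bounds read" is the usual term. Each "(cve.mitre.org)" reference is a bare hostname, so a reader has to look the identifier up by hand; a per-CVE reference would be more useful if the file format allows it.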

Modified: release/httpd/CHANGES_2.4.49
==============================================================================
--- release/httpd/CHANGES_2.4.49 (original)
+++ release/httpd/CHANGES_2.4.49 Thu Sep 16 07:58:13 2021
@@ -1,6 +1,21 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.49
 
+  *) SECURITY: CVE-2021-40438 (cve.mitre.org)
+     mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
+
+  *) SECURITY: CVE-2021-39275 (cve.mitre.org)
+     core: ap_escape_quotes buffer overflow
+
+  *) SECURITY: CVE-2021-36160 (cve.mitre.org)
+     mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
+
+  *) SECURITY: CVE-2021-34798 (cve.mitre.org)
+     core: null pointer dereference on malformed request
+
+  *) SECURITY: CVE-2021-33193 (cve.mitre.org)
+     mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
+
   *) core/mod_proxy/mod_ssl:
      Adding `outgoing` flag to conn_rec, indicating a connection is
      initiated by the server to somewhere, in contrast to incoming
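Review bot: the two core entries, CVE-2021-39275 (ap_escape_quotes buffer overflow) and CVE-2021-34798 (null pointer dereference on malformed request), carry no bracketed credit, while the mod_proxy, mod_proxy_uwsgi and mod_http2 entries do; either add the credit or confirm the omission is intended. This hunk repeats the same fifteen added lines as the CHANGES_2.4 hunk, including the "vulnerabilty" spelling in the CVE-2021-40438 line, so any wording fix has to be applied to both files to keep them in sync.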

Added: release/httpd/CURRENT-IS-2.4.49
==============================================================================
    (empty)