[Buildroot] [PATCH] package/apache: security bump to version 2.4.43

Peter Korsgaard peter at korsgaard.com
Thu Apr 30 13:02:47 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 >   *) SECURITY: CVE-2020-1934 (cve.mitre.org)
 >      mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
 >      server. [Eric Covener]

 >   *) SECURITY: CVE-2020-1927 (cve.mitre.org)
 >      rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
 >      matches and substitutions with encoded line break characters.
 >      The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

 > The LICENSE file has been updated to fix a s/waranties/warranties/ typo, so
 > update the hash to match and adjust the spacing to match recent agreements:

 > -This software is provided "as is" and any express or implied waranties,
 > +This software is provided "as is" and any express or implied warranties,

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list