diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-06-08 19:15:34 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-06-09 13:30:28 +0200 |
| commit | 348dffe043c24552437ca1408bc83fb20db9774b (patch) | |
| tree | 0e3d52595ef4b81132c28a470082acd8bad82f56 /ChangeLog.rss | |
| parent | b9f4e8dc0eff328898247502d52d5cb9b08272fa (diff) | |
| download | current-348dffe043c24552437ca1408bc83fb20db9774b.tar.gz current-348dffe043c24552437ca1408bc83fb20db9774b.tar.xz | |
Wed Jun 8 19:15:34 UTC 202220220608191534_15.0
patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and the following security issues:
mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Information Disclosure in mod_lua with websockets.
mod_sed denial of service.
Denial of service in mod_lua r:parsebody.
Read beyond bounds in ap_strcmp_match().
Read beyond bounds via ap_rwrite().
Read beyond bounds in mod_isapi.
mod_proxy_ajp: Possible request smuggling.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.54
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
(* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index bebc82542..4cd638e97 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,41 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Sat, 4 Jun 2022 18:43:17 GMT</pubDate> - <lastBuildDate>Sun, 5 Jun 2022 11:30:14 GMT</lastBuildDate> + <pubDate>Wed, 8 Jun 2022 19:15:34 GMT</pubDate> + <lastBuildDate>Thu, 9 Jun 2022 11:30:15 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Wed, 8 Jun 2022 19:15:34 GMT</title> + <pubDate>Wed, 8 Jun 2022 19:15:34 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20220608191534</link> + <guid isPermaLink="false">20220608191534</guid> + <description> + <![CDATA[<pre> +patches/packages/httpd-2.4.54-x86_64-1_slack15.0.txz: Upgraded. + This update fixes bugs and the following security issues: + mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism. + Information Disclosure in mod_lua with websockets. + mod_sed denial of service. + Denial of service in mod_lua r:parsebody. + Read beyond bounds in ap_strcmp_match(). + Read beyond bounds via ap_rwrite(). + Read beyond bounds in mod_isapi. + mod_proxy_ajp: Possible request smuggling. + For more information, see: + https://downloads.apache.org/httpd/CHANGES_2.4.54 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28330 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Sat, 4 Jun 2022 18:43:17 GMT</title> <pubDate>Sat, 4 Jun 2022 18:43:17 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20220604184317</link> |