GNU bug report logs -
#51050
[PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes CVE-2021-{41524, 41773}].
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Wed, 6 Oct 2021 01:06:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 51050 in the body.
You can then email your comments to 51050 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#51050
; Package
guix-patches
.
(Wed, 06 Oct 2021 01:06:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Wed, 06 Oct 2021 01:06:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This update includes an important fix for an actively exploited path traversal
vulnerability (CVE-2021-41773), which allows attackers to access files outside
the "document root":
https://httpd.apache.org/security/vulnerabilities_24.html
* gnu/packages/web.scm (httpd): Update to 2.4.50.
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 0ea362c452..5819973c66 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -252,14 +252,14 @@
(define-public httpd
(package
(name "httpd")
- (version "2.4.49")
+ (version "2.4.50")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "0fqkfjcpdd40ji2279wfxh5hddb5jdxlnpjr0sbhva8fi7b6bfb5"))))
+ "03w9nc7v0rqljxazikbrlgbw7lq72i8n7n9ynlp6h1n6f301fa3a"))))
(build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)
--
2.33.0
Reply sent
to
Leo Famulari <leo <at> famulari.name>
:
You have taken responsibility.
(Wed, 06 Oct 2021 04:09:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>
:
bug acknowledged by developer.
(Wed, 06 Oct 2021 04:09:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 51050-done <at> debbugs.gnu.org (full text, mbox):
Pushed as f868ed2a75b55400107b80fcc1e41dcfb6b3c28c
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Wed, 03 Nov 2021 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 176 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.