GNU bug report logs -
#51050
[PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes CVE-2021-{41524, 41773}].
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Wed, 6 Oct 2021 01:06:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
This update includes an important fix for an actively exploited path traversal
vulnerability (CVE-2021-41773), which allows attackers to access files outside
the "document root":
https://httpd.apache.org/security/vulnerabilities_24.html
* gnu/packages/web.scm (httpd): Update to 2.4.50.
---
gnu/packages/web.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 0ea362c452..5819973c66 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -252,14 +252,14 @@
(define-public httpd
(package
(name "httpd")
- (version "2.4.49")
+ (version "2.4.50")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "0fqkfjcpdd40ji2279wfxh5hddb5jdxlnpjr0sbhva8fi7b6bfb5"))))
+ "03w9nc7v0rqljxazikbrlgbw7lq72i8n7n9ynlp6h1n6f301fa3a"))))
(build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)
--
2.33.0
This bug report was last modified 3 years and 281 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.