maintainer-feedback requested: [Bug 262557] [PATCH] www/apache24 - Update to 2.4.53 (Fix CVEs) see https://reviews.freebsd.org/D34549
Date: Mon, 14 Mar 2022 19:02:51 UTC
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-apache (Nobody) <apache@FreeBSD.org> for maintainer-feedback: Bug 262557: [PATCH] www/apache24 - Update to 2.4.53 (Fix CVEs) see https://reviews.freebsd.org/D34549 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262557 --- Description --- Please see https://reviews.freebsd.org/D34549 for the patch. 2.4.53 fixes the following CVEs" - CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier - CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody - CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody