From: bugzilla-noreply@freebsd.org
To: apache@FreeBSD.org
Subject: [Bug 262557] [PATCH] www/apache24 - Update to 2.4.53 (Fix CVEs) see https://reviews.freebsd.org/D34549
Date: Mon, 14 Mar 2022 19:10:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262557

--- Comment #4 from Cy Schubert ---
Subject: CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
From: Stefan Eissing
Date: Mon, 14 Mar 2022 10:07:40 +0000 (03:07 PDT)
To: announce@apache.org, dev@httpd.apache.org

Severity: low

Description:

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.
This issue affects Apache HTTP Server 2.4.52 and earlier.

Credit:

Anonymous working with Trend Micro Zero Day Initiative
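
A configuration check for the condition the advisory describes, added here as an example and not part of the original message or of Apache httpd: it scans configuration text for LimitXMLRequestBody set to 0 (unlimited) or above 350MB and reports the enclosing section. The function names, the sample configuration and the reading of 350MB as 350 * 1024 * 1024 bytes are assumptions.

```python
import re

# Assumption: the advisory's "350MB" is read as 350 * 1024 * 1024 bytes.
THRESHOLD_BYTES = 350 * 1024 * 1024
LAST_AFFECTED = (2, 4, 52)  # "2.4.52 and earlier", per the advisory

DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\S+)", re.IGNORECASE)
SECTION = re.compile(r"^\s*<(/?)(\w+)\s*([^>]*)>")

# Constructed sample configuration (not from the bug report).
SAMPLE_CONF = """\
# global default left in place
LimitXMLRequestBody 1000000
<Location "/dav">
    LimitXMLRequestBody 0
</Location>
<Directory "/srv/upload">
    limitxmlrequestbody 524288000
</Directory>
"""

def is_affected_version(version):
    """True for a dotted httpd version string at or below 2.4.52."""
    return tuple(int(p) for p in version.split(".")) <= LAST_AFFECTED

def audit_limit_xml_request_body(config_text):
    """Return (line_no, context, value, reason) for each risky setting."""
    findings, stack = [], []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        sec = SECTION.match(line)
        if sec:  # track enclosing <Section> blocks for context
            if not sec.group(1):
                stack.append(f"{sec.group(2)} {sec.group(3)}".strip())
            elif stack:
                stack.pop()
            continue
        hit = DIRECTIVE.match(line)
        if not hit:
            continue
        raw = hit.group(1).strip("\"'")
        context = stack[-1] if stack else "global"
        if not raw.isdigit():
            findings.append((line_no, context, raw, "not a byte count"))
        elif int(raw) == 0:  # 0 disables the limit in affected releases
            findings.append((line_no, context, 0, "unlimited"))
        elif int(raw) > THRESHOLD_BYTES:
            findings.append((line_no, context, int(raw), "above 350MB"))
    return findings
```

Findings matter on 32-bit builds of versions for which `is_affected_version` returns true; the directive names in the regex are matched case-insensitively, as httpd does.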