maintainer-feedback requested: [Bug 270037] www/apache24: Security Update to 2.4.56

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 270037] www/apache24: Security Update to 2.4.56"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 08 Mar 2023 13:43:55 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-apache (Nobody)
<apache@FreeBSD.org> for maintainer-feedback:
Bug 270037: www/apache24: Security Update to 2.4.56
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270037



--- Description ---
Posting in oss-security mailing list:

CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and
mod_proxy
https://www.openwall.com/lists/oss-security/2023/03/07/1

CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting
https://www.openwall.com/lists/oss-security/2023/03/07/2

And Apache httpd ChangeLog for 2.4.56:
https://downloads.apache.org/httpd/CHANGES_2.4.56