Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-29 10:25:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/patches/source/httpd
History
Patrick J Volkerding 1e2fa38645 Thu Apr 4 20:49:23 UTC 2024 
patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  HTTP/2 DoS by memory exhaustion on endless continuation frames.
  HTTP Response Splitting in multiple modules.
  HTTP response splitting.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
  (* Security fix *)
patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
  frames even after a stream is reset to keep HPACK context in sync. This
  causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
  this vulnerability by limiting the number of CONTINUATION frames it can
  accept after a HEADERS frame.
  For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
  (* Security fix *)
2024-04-05 13:30:57 +02:00
..
doinst.sh Tue Mar 15 00:13:59 UTC 2022 2022-03-15 13:30:00 +01:00
httpd.runasapache.diff Tue Mar 15 00:13:59 UTC 2022 2022-03-15 13:30:00 +01:00
httpd.SlackBuild Tue Mar 15 00:13:59 UTC 2022 2022-03-15 13:30:00 +01:00
httpd.url Thu Apr 4 20:49:23 UTC 2024 2024-04-05 13:30:57 +02:00
logrotate.httpd Tue Mar 15 00:13:59 UTC 2022 2022-03-15 13:30:00 +01:00
rc.httpd Thu Oct 19 19:14:05 UTC 2023 2023-10-20 13:30:46 +02:00
slack-desc Tue Mar 15 00:13:59 UTC 2022 2022-03-15 13:30:00 +01:00