Commits
Bernd Kuhls committed baf5a9d8c75
package/apache: security bump to version 2.4.27 Fixes the following security issues: CVE-2017-9788 - Uninitialized memory reflection in mod_auth_digest The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault. CVE-2017-9789 - Read after free in mod_http2 When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. Announcement: http://www.apache.org/dist/httpd/Announcement2.4.html Release notes: http://www.apache.org/dist/httpd/CHANGES_2.4.27 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cf9b7cedac14de7cf5650589bf4c37635b5438a9) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>