| httpd-2.4.35-1.an3.src
[8.1 MiB] |
Changelog
by JoungKyun.Kim (2018-10-13):
- update 2.4.35
see also http://www.apache.org/dist/httpd/CHANGES_2.4.35
|
| httpd-2.4.34-1.an3.src
[8.0 MiB] |
Changelog
by JoungKyun.Kim (2018-08-19):
- update 2.4.34
see also http://www.apache.org/dist/httpd/CHANGES_2.4.34
- security issues
. CVE-2018-8011 mod_md
DoS via Coredumps on specially crafted requests
. CVE-2018-1333 mod_http2
DoS for HTTP/2 connections by specially crafted requests
|
| httpd-2.4.33-1.an3.src
[8.0 MiB] |
Changelog
by JoungKyun.Kim (2018-04-08):
- update 2.4.33
see also http://www.apache.org/dist/httpd/CHANGES_2.4.33
see also http://www.apache.org/dist/httpd/CHANGES_2.4.32
see also http://www.apache.org/dist/httpd/CHANGES_2.4.29
- add mod_md module
- security issues
. CVE-2017-15710 mod_authnz_ldap:
Out of bound write with AuthLDAPCharsetConfig enabled
. CVE-2017-15715 core:
Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
. CVE-2018-1283 mod_session:
CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
. CVE-2018-1301 core:
Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel.
. CVE-2018-1302 mod_http2: Potential crash w/ mod_http2
. CVE-2018-1303 mod_cache_socache:
Fix request headers parsing to avoid a possible crash
with specially crafted input data.
. CVE-2018-1312 mod_auth_digest:
Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
|
| httpd-2.4.28-1.an3.src
[7.7 MiB] |
Changelog
by JoungKyun.Kim (2017-10-14):
- update 2.4.28
see also http://www.apache.org/dist/httpd/CHANGES_2.4.28
- security issues
. CVE-2017-9798
Corrupted or freed memory access.
. PR61382
mod_http2: Fix for stalling when more than 32KB are written to a suspended stream.
|
| httpd-2.4.27-1.an3.src
[7.6 MiB] |
Changelog
by JoungKyun.Kim (2017-07-17):
- update 2.4.27
see also http://www.apache.org/dist/httpd/CHANGES_2.4.27
- security issues
. CVE-2017-7679
. CVE-2017-7668
. CVE-2017-7659
. CVE-2017-3169
. CVE-2017-3167
|
| httpd-2.4.25-1.an3.src
[7.5 MiB] |
Changelog
by JoungKyun.Kim (2017-01-21):
- update 2.4.25
see also http://www.apache.org/dist/httpd/CHANGES_2.4.25
- security issues
. CVE-2016-8740
. CVE-2016-2161
. CVE-2016-0736
. CVE-2016-8743
|
| httpd-2.4.23-2.an3.src
[7.5 MiB] |
Changelog
by JoungKyun.Kim (2016-08-25):
- support package name alias http-ssl, http-ldap, http-proxy-html, http-session
|
| httpd-2.4.23-1.an3.src
[7.5 MiB] |
Changelog
by JoungKyun.Kim (2016-07-21):
- update 2.4.23
- security issues
. CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and
therefore does not protect applications from the presence of untrusted
client data in the HTTP_PROXY environment variable, which might allow
remote attackers to redirect an application's outbound HTTP traffic to an
arbitrary proxy server via a crafted Proxy header in an HTTP request, aka
an "httpoxy" issue.
|
| httpd-2.4.18-3.an3.src
[6.3 MiB] |
Changelog
by JoungKyun.Kim (2016-02-03):
- move ssl.conf to httpd-conf package
|
| httpd-2.4.18-2.an3.src
[6.3 MiB] |
Changelog
by JoungKyun.Kim (2016-02-01):
- support ALPN for http2
|
| httpd-2.4.18-1.an3.src
[6.3 MiB] |
Changelog
by JoungKyun.Kim (2016-01-14):
- update 2.4.18
|
| httpd-2.4.17-2.an3.src
[6.3 MiB] |
Changelog
by JoungKyun.Kim (2015-12-15):
- fixed perl dependency problems
|
| httpd-2.4.17-1.an3.src
[6.3 MiB] |
Changelog
by JoungKyun.Kim (2015-11-11):
- update 2.4.17
|
| httpd-2.4.16-1.an3.src
[6.3 MiB] |
Changelog
by JoungKyun.Kim (2015-08-31):
- update 2.4.16
- security issues
. CVE-2015-3183
. CVE-2015-3185
. CVE-2015-0253
. CVE-2015-0228
|
| httpd-2.4.12-1.an3.src
[6.2 MiB] |
Changelog
by JoungKyun.Kim (2015-02-03):
- update 2.4.12
- add External404Title directive
- fixed broken korean in SSI
|