OpenCSW Bug Tracker

Project:

Viewing Issue Simple Details [ Jump to Notes ]

[ View Advanced ] [ Issue History ] [ Print ]

ID

Category

Severity

Reproducibility

Date Submitted

Last Update

0005284

[apache2] upgrade

minor

always

2016-09-26 17:19

2017-10-29 12:28

Reporter

briandking

View Status

public

Assigned To

dam

Priority

normal

Resolution

fixed

Status

closed

Summary

0005284: Security Fix for "httpoxy" CVE-2016-5387

Description

Apache should be at version 2.2.32 to fix the latest known security issues documented here: https://httpd.apache.org/security/vulnerabilities_22.html [^]

In particular, 2.2.31 (currently the latest available on OpenCSW) is vulnerable to "httpoxy" CVE-2016-5387: https://www.apache.org/security/asf-httpoxy-response.txt [^]

Additional Information

Tags

No tags attached.

Relationships

Notes
(0011195) jh (developer) 2016-10-04 14:22	there is no 2.2.32 release yet. Will update as soon as it is released

(0011238) briandking (reporter) 2017-02-10 14:35	2.2.32 was released 2017-01-13 It is available here: https://httpd.apache.org/download.cgi#apache22 [^]

(0011239) dam (administrator) 2017-02-10 16:56	Apache 2.2.32,REV=2017.02.10 has been pushed to unstable/. Thanks for the reminder -- Dago

Issue History
Date Modified	Username	Field	Change
2016-09-26 17:19	briandking	New Issue
2016-10-04 14:21	jh	Status	new => assigned
2016-10-04 14:21	jh	Assigned To	=> jh
2016-10-04 14:22	jh	Note Added: 0011195
2016-10-04 14:22	jh	Status	assigned => acknowledged
2017-02-10 14:35	briandking	Note Added: 0011238
2017-02-10 15:08	dam	Status	acknowledged => assigned
2017-02-10 15:08	dam	Assigned To	jh => dam
2017-02-10 16:56	dam	Note Added: 0011239
2017-02-10 16:56	dam	Status	assigned => resolved
2017-02-10 16:56	dam	Resolution	open => fixed
2017-10-29 12:28	dam	Status	resolved => closed

Copyright © 2000 - 2008 Mantis Group