OpenCSW Bug Tracker

Main | My View | View Issues
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0005284 [apache2] upgrade minor always 2016-09-26 17:19 2017-10-29 12:28
Reporter briandking View Status public  
Assigned To dam
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Product Build
Summary 0005284: Security Fix for "httpoxy" CVE-2016-5387
Description Apache should be at version 2.2.32 to fix the latest known security issues documented here: https://httpd.apache.org/security/vulnerabilities_22.html [^]

In particular, 2.2.31 (currently the latest available on OpenCSW) is vulnerable to "httpoxy" CVE-2016-5387: https://www.apache.org/security/asf-httpoxy-response.txt [^]
Steps To Reproduce
Additional Information
Tags No tags attached.
Attached Files

- Relationships

-  Notes
(0011195)
jh (developer)
2016-10-04 14:22

 there is no 2.2.32 release yet. Will update as soon as it is released
(0011238)
briandking (reporter)
2017-02-10 14:35

 2.2.32 was released 2017-01-13

It is available here: https://httpd.apache.org/download.cgi#apache22 [^]
(0011239)
dam (administrator)
2017-02-10 16:56

 Apache 2.2.32,REV=2017.02.10 has been pushed to unstable/.

Thanks for the reminder -- Dago

- Issue History
Date Modified Username Field Change
2016-09-26 17:19 briandking New Issue
2016-10-04 14:21 jh Status new => assigned
2016-10-04 14:21 jh Assigned To => jh
2016-10-04 14:22 jh Note Added: 0011195
2016-10-04 14:22 jh Status assigned => acknowledged
2017-02-10 14:35 briandking Note Added: 0011238
2017-02-10 15:08 dam Status acknowledged => assigned
2017-02-10 15:08 dam Assigned To jh => dam
2017-02-10 16:56 dam Note Added: 0011239
2017-02-10 16:56 dam Status assigned => resolved
2017-02-10 16:56 dam Resolution open => fixed
2017-10-29 12:28 dam Status resolved => closed

Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker