Bug 24615

Summary: apache new security issues CVE-2019-019[67], CVE-2019-021[157], CVE-2019-0220
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Shlomi Fish <shlomif>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: marja11, mhrambo3501
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: apache-2.4.38-1.mga7.src.rpm CVE:
Status comment: Fixed upstream in 2.4.39
Bug Depends on: 25316    
Bug Blocks:    

Description David Walser 2019-04-03 13:21:22 CEST 
Upstream has released Apache 2.4.39 on April 2, fixing several security issues:
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.39

Mageia 6 is also affected.
David Walser 2019-04-03 13:21:34 CEST

Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 2.4.39

Comment 1 Marja Van Waes 2019-04-04 14:34:31 CEST 
Assinging to the registered apache maintainer.

Assignee: bugsquad => shlomif
CC: (none) => marja11

Comment 2 David Walser 2019-04-21 19:22:25 CEST 
apache-2.4.39-1.mga7 uploaded for Cauldron by Shlomi.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 David Walser 2019-05-03 19:44:53 CEST 
openSUSE has issued an advisory for this on April 16:
https://lists.opensuse.org/opensuse-updates/2019-04/msg00124.html
David Walser 2019-08-16 14:52:46 CEST

Depends on: (none) => 25316

Comment 4 Mike Rambo 2019-11-06 21:25:34 CET 
Mageia 6 is EOL.

CC: (none) => mrambo
Status: NEW => RESOLVED
Resolution: (none) => OLD