Bug 24615 - apache new security issues CVE-2019-019[67], CVE-2019-021[157], CVE-2019-0220
Summary: apache new security issues CVE-2019-019[67], CVE-2019-021[157], CVE-2019-0220
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Shlomi Fish
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 25316
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-03 13:21 CEST by David Walser
Modified: 2019-11-06 21:25 CET (History)
2 users (show)

See Also:
Source RPM: apache-2.4.38-1.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 2.4.39

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-04-03 13:21:22 CEST 
Upstream has released Apache 2.4.39 on April 2, fixing several security issues:
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.39

Mageia 6 is also affected.
David Walser 2019-04-03 13:21:34 CEST

Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 2.4.39

Comment 1 Marja Van Waes 2019-04-04 14:34:31 CEST 
Assinging to the registered apache maintainer.

Assignee: bugsquad => shlomif
CC: (none) => marja11

Comment 2 David Walser 2019-04-21 19:22:25 CEST 
apache-2.4.39-1.mga7 uploaded for Cauldron by Shlomi.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 David Walser 2019-05-03 19:44:53 CEST 
openSUSE has issued an advisory for this on April 16:
https://lists.opensuse.org/opensuse-updates/2019-04/msg00124.html
David Walser 2019-08-16 14:52:46 CEST

Depends on: (none) => 25316

Comment 4 Mike Rambo 2019-11-06 21:25:34 CET 
Mageia 6 is EOL.

CC: (none) => mrambo
Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.