CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2025/07/11 05:56:02
Modified files:
www/apache-httpd: Tag: OPENBSD_7_7 Makefile distinfo
www/apache-httpd/patches: Tag: OPENBSD_7_7 patch-configure
Log message:
update to apache-httpd-2.4.64, same diff/ok giovanni@, various CVEs
low:
- SSRF with mod_headers setting Content-Type header (CVE-2024-43204)
- mod_ssl error log variable escaping (CVE-2024-47252)
- mod_proxy_http2 denial of service (CVE-2025-49630)
moderate:
- HTTP response splitting (CVE-2024-42516)
- SSRF on Windows due to UNC paths (CVE-2024-43394)
- mod_ssl access control bypass with session resumption (CVE-2025-23048)
- mod_ssl TLS upgrade attack (CVE-2025-49812)
- HTTP/2 DoS by Memory Increase (CVE-2025-53020)
