Overview
Request 333177 accepted
13.1:
- add httpd-2.4.6-ap_some_auth_required_API_unusable.patch to
replace ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook
[bnc#938723], [CVE-2015-3185]
- add httpd-2.4.6-chunk_header_parsing_defect.patch to parse chunk
headers properly [bnc#938728], [CVE-2015-3183]
13.2:
- add httpd-2.4.10-ap_some_auth_required_API_unusable.patch to
replace ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook
[bnc#938723], [CVE-2015-3185]
- add httpd-2.4.10-chunk_header_parsing_defect.patch to parse chunk
headers properly [bnc#938728], [CVE-2015-3183]
- fix Logjam vulnerability: change SSLCipherSuite cipherstring to
disable export cipher suites and deploy Ephemeral Elliptic-Curve
Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to
generate a strong and unique Diffie Hellman Group and append it
to the server certificate file [bnc#931723], [CVE-2015-4000]
- Created by kstreitova
- In state accepted
Request History
kstreitova created request
13.1:
- add httpd-2.4.6-ap_some_auth_required_API_unusable.patch to
replace ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook
[bnc#938723], [CVE-2015-3185]
- add httpd-2.4.6-chunk_header_parsing_defect.patch to parse chunk
headers properly [bnc#938728], [CVE-2015-3183]
13.2:
- add httpd-2.4.10-ap_some_auth_required_API_unusable.patch to
replace ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook
[bnc#938723], [CVE-2015-3185]
- add httpd-2.4.10-chunk_header_parsing_defect.patch to parse chunk
headers properly [bnc#938728], [CVE-2015-3183]
- fix Logjam vulnerability: change SSLCipherSuite cipherstring to
disable export cipher suites and deploy Ephemeral Elliptic-Curve
Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to
generate a strong and unique Diffie Hellman Group and append it
to the server certificate file [bnc#931723], [CVE-2015-4000]
maintbot added apache2 as a reviewer
Submission by someone who is not maintainer in the devel project. Please review
maintbot accepted review
accepted
pgajdos accepted review
ok
pgajdos approved review
ok
msmeissn moved maintenance target to openSUSE:Maintenance:4048
msmeissn accepted request
ok