jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apache-httpd: 2.4.38 -> 2.4.39 (CVE-2019-0211)

Browse Source 
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or
prefork, code executing in less-privileged child processes or
threads (including scripts executed by an in-process scripting interpreter)
could execute arbitrary code with the privileges of the parent process (usually
root) by manipulating the scoreboard.
This commit is contained in:
Peter Simons 2019-04-02 09:46:25 +02:00
parent a01129912f
commit 2017158b53
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/servers/http/apache-httpd/2.4.nix
View File

@ -16,12 +16,12 @@ assert ldapSupport -> aprutil.ldapSupport && openldap != null;
assert http2Support -> nghttp2 != null; assert http2Support -> nghttp2 != null;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.4.38"; version = "2.4.39";
name = "apache-httpd-${version}"; name = "apache-httpd-${version}";
src = fetchurl { src = fetchurl {
url = "mirror://apache/httpd/httpd-${version}.tar.bz2"; url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
sha256 = "0jiriyyf3pm6axf4mrz6c2z08yhs21hb4d23viq87jclm5bmiikx"; sha256 = "18ngvsjq65qxk3biggnkhkq8jlll9dsg9n3csra9p99sfw2rvjml";
}; };
# FIXME: -dev depends on -doc # FIXME: -dev depends on -doc