From f868ed2a75b55400107b80fcc1e41dcfb6b3c28c Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 5 Oct 2021 20:50:19 -0400 Subject: [PATCH] gnu: Apache httpd: Update to 2.4.50 [Fixes CVE-2021-{41524,41773}]. This update includes an important fix for an actively exploited path traversal vulnerability (CVE-2021-41773), which allows attackers to access files outside the "document root": https://httpd.apache.org/security/vulnerabilities_24.html * gnu/packages/web.scm (httpd): Update to 2.4.50. --- gnu/packages/web.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 0ea362c452..5819973c66 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -252,14 +252,14 @@ (define-public qhttp (define-public httpd (package (name "httpd") - (version "2.4.49") + (version "2.4.50") (source (origin (method url-fetch) (uri (string-append "mirror://apache/httpd/httpd-" version ".tar.bz2")) (sha256 (base32 - "0fqkfjcpdd40ji2279wfxh5hddb5jdxlnpjr0sbhva8fi7b6bfb5")))) + "03w9nc7v0rqljxazikbrlgbw7lq72i8n7n9ynlp6h1n6f301fa3a")))) (build-system gnu-build-system) (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr)