Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2021/09/16 12:48] – connie
+++ changelog_14.2 [2021/09/21 19:48] – [2021-09-17] connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2021-09-21 ====
+**alpine-2.25**:  Upgraded.
+Fixed a denial-of-service security issue where untagged responses from an
+IMAP server are accepted before STARTTLS.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38370
+(**Security fix**)
+==== 2021-09-17 ====
+**httpd-2.4.49**:  Upgraded.
+This release contains security fixes and improvements.
+mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]
+core: ap_escape_quotes buffer overflow
+mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]
+core: null pointer dereference on malformed request
+mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
+(**Security fix**)
 ==== 2021-09-16 ====