apache-httpd: 2.4.38 -> 2.4.39 (CVE-2019-0211)

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or
prefork, code executing in less-privileged child processes or
threads (including scripts executed by an in-process scripting interpreter)
could execute arbitrary code with the privileges of the parent process (usually
root) by manipulating the scoreboard.
This commit is contained in:
Peter Simons 2019-04-02 09:46:25 +02:00
parent a01129912f
commit 2017158b53

View File

@ -16,12 +16,12 @@ assert ldapSupport -> aprutil.ldapSupport && openldap != null;
assert http2Support -> nghttp2 != null;
stdenv.mkDerivation rec {
version = "2.4.38";
version = "2.4.39";
name = "apache-httpd-${version}";
src = fetchurl {
url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
sha256 = "0jiriyyf3pm6axf4mrz6c2z08yhs21hb4d23viq87jclm5bmiikx";
sha256 = "18ngvsjq65qxk3biggnkhkq8jlll9dsg9n3csra9p99sfw2rvjml";
};
# FIXME: -dev depends on -doc