RHEL-6588

httpd package changelog contains invalid version numbers


    • httpd-2.4.6-99.el7_9.6
    • None
    • Low
    • rhel-se-cs-infra-services
    • ssg_core_services
    • 3
    • 57,005

      Description of problem:
      All httpd package changelog entries refer to 2.4.6-97.* when the actual package version is now 2.4.6-98

      Version-Release number of selected component (if applicable):
      httpd-2.4.6-98.el7_9.7

      How reproducible:
      Always

      Steps to Reproduce:
      1. rpm -q --changelog httpd | less
      2. rpm -q httpd
      3. Entries in changelog are all 2.4.6-97 when package version is now 2.4.6-98

      Actual results:

      * Tue Mar 21 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.7
      - Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
        mod_rewrite and mod_proxy
      * Wed Dec 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.6
      - Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
        corrupt and mixed-up responses
      * Tue Mar 22 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.5
      - Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
        vulnerability in Apache HTTP Server 2.4.52 and earlier
      * Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.4
      - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
        malformed requests
      - Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
        ap_escape_quotes() via malicious input
      - Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session

      httpd-2.4.6-98.el7_9.7.x86_64

      Expected results:
      Changelog version number should match package version number.

      Additional info:
      Package version was bumped after 2.4.6-97.el7_9.5 but looks like no-one told the package maintainer!

              rhn-support-npatwa Nikita Patwa
              trevor.hemsley@ntlworld.com Trevor Hemsley (Inactive)
              Nikita Patwa Nikita Patwa
              Jakub Skunda Jakub Skunda
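
Added example, not part of the original report or of any Red Hat tooling: a shell check for the mismatch described above, comparing the newest changelog header with the package's version-release. The function names, the dist-tag pattern and the embedded sample (copied from the report's output) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Sample data copied from the report above (first two entries), not queried live.
SAMPLE_CHANGELOG='* Tue Mar 21 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.7
- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy
* Wed Dec 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.6
- Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
  corrupt and mixed-up responses'
SAMPLE_PACKAGE_VR='2.4.6-98.el7_9.7'   # version-release part of "rpm -q httpd"

# Remove the dist tag (.el7, .el7_9, ...) so "98.el7_9.7" compares as "98.7".
# Assumption: changelog headers omit the dist tag, as in the report's output.
strip_dist() {
    sed -E 's/\.el[0-9]+(_[0-9]+)?//'
}

# Print the last field of the first "* <date> <author> - <version-release>" line.
newest_changelog_vr() {
    awk '/^\* / { print $NF; exit }'
}

# changelog_matches <package version-release>, changelog text on stdin.
# Prints a one-line verdict; returns 0 (match), 1 (mismatch), 2 (no header found).
changelog_matches() {
    _pkg=$(printf '%s\n' "$1" | strip_dist)
    _top=$(newest_changelog_vr | strip_dist)
    _top=${_top#*:}          # drop an epoch prefix such as "1:" if present
    if [ -z "$_top" ]; then
        echo "NO_CHANGELOG package=$_pkg"
        return 2
    fi
    if [ "$_top" = "$_pkg" ]; then
        echo "OK $_top"
        return 0
    fi
    echo "MISMATCH changelog=$_top package=$_pkg"
    return 1
}

# Offline run on the report's data. On a live host the equivalent would be:
#   rpm -q --changelog httpd | changelog_matches "$(rpm -q --qf '%{VERSION}-%{RELEASE}' httpd)"
printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_matches "$SAMPLE_PACKAGE_VR" || true
```

A mismatch matters for patch audits that grep the changelog for CVE identifiers, because the entry listing a fix can no longer be tied to the installed build by version alone.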