Bug
Resolution: Done-Errata
rhel-7.9.z
httpd-2.4.6-99.el7_9.6
Low
rhel-se-cs-infra-services
ssg_core_services
Description of problem:
All httpd package changelog entries refer to 2.4.6-97.* when the actual package version is now 2.4.6-98
Version-Release number of selected component (if applicable):
httpd-2.4.6-98.el7_9.7
How reproducible:
Always
Steps to Reproduce:
1. rpm -q --changelog httpd | less
2. rpm -q httpd
3. Entries in changelog are all 2.4.6-97 when package version is now 2.4.6-98
Actual results:
- Tue Mar 21 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.7
- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
mod_rewrite and mod_proxy
- Wed Dec 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.6
- Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
corrupt and mixed-up responses
- Tue Mar 22 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.5
- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier
- Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.4
- Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
malformed requests
- Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in
ap_escape_quotes() via malicious input
- Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session
httpd-2.4.6-98.el7_9.7.x86_64
Expected results:
Changelog version number should match package version number.
Additional info:
Package version was bumped after 2.4.6-97.el7_9.5 but looks like no-one told the package maintainer!
Links to:
RHSA-2025:153951 httpd security update
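A scripted form of the check in the steps to reproduce, added here as an example (it is not part of the original report or of any Red Hat tooling): it compares the base version-release of the installed package with the newest changelog header. The function names and the choice to compare only up to the base release number (2.4.6-98 against 2.4.6-97) are assumptions; the sample values are taken from the report above.

```shell
#!/bin/sh
# Added example: detect a package whose newest %changelog entry carries a
# different VERSION-<base release> than the package itself.

# Print VERSION-<base release> (e.g. 2.4.6-98) for a VERSION-RELEASE string.
# Everything after the first dot of the release (dist tag, z-stream) is dropped.
vr_base() {
    printf '%s\n' "$1" | sed -E 's/^([^-]+-[^.]+).*$/\1/'
}

# Read changelog text on stdin and print the VERSION-RELEASE that ends the
# newest header line (the first non-empty line of the output).
changelog_top_vr() {
    awk 'NF { print $NF; exit }'
}

# $1 = package VERSION-RELEASE, stdin = changelog text.
# Returns 0 when the newest entry matches the package, 1 otherwise.
changelog_matches() {
    pkg_base=$(vr_base "$1")
    log_base=$(vr_base "$(changelog_top_vr)")
    if [ "$pkg_base" = "$log_base" ]; then
        return 0
    fi
    echo "MISMATCH: package $pkg_base, newest changelog entry $log_base" >&2
    return 1
}

# Sample values taken from the report above.
SAMPLE_VR='2.4.6-98.el7_9.7'
SAMPLE_CHANGELOG='* Tue Mar 21 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.7
- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy'

# On a live system the same check would be fed from rpm (not run here):
#   rpm -q --changelog httpd |
#       changelog_matches "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' httpd)"
```
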