StarlingX

  1. Bug #1985885
  2. Comment #2

Comment 2 for bug 1985885

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/852944
Committed: https://opendev.org/starlingx/tools/commit/7b93f4bcd95e4a171e14ceaff6d78d029c987263
Submitter: "Zuul (22348)"
Branch: master

commit 7b93f4bcd95e4a171e14ceaff6d78d029c987263
Author: Wentao Zhang <email address hidden>
Date: Fri Aug 12 17:25:00 2022 +0800

    Debian: apache2:fix CVE-2022-31813

    Upgrade apache2, apache2-bin, apache2-data, apache2-utils to
    the version that CVE-2022-31813 have been fixed:

    apache2_2.4.53-1~deb11u1_amd64.deb to
    apache2_2.4.54-1~deb11u1_amd64.deb
    apache2-bin_2.4.53-1~deb11u1_amd64.deb to
    apache2-bin_2.4.54-1~deb11u1_amd64.deb
    apache2-data_2.4.53-1~deb11u1_all.deb to
    apache2-data_2.4.54-1~deb11u1_all.deb
    apache2-utils_2.4.53-1~deb11u1_amd64.deb to
    apache2-utils_2.4.54-1~deb11u1_amd64.deb

    (Refer to https://security-tracker.debian.org/tracker/CVE-2022-31813)

    This fix provides the URL of the package in base-bullseye.lst to make
    sure that the binary package can be downloaded no matter how the
    upstream changes.

    Closes-bug: 1985885
    Signed-off-by: Wentao Zhang<email address hidden>
    Change-Id: Ieb31dea74b36f208430e69e9613889b3c236461c