NOTE! commit fc00096e8... purports to fix the first 3 CVEs
but uses the wrong rpm version.
CVE-2021-26691: heap overflow
CVE-2021-39275: out-of-bounds write
CVE-2021-44790: buffer overflow
CVE-2022-22720: http request smuggling
Advance to version 2.4.6-97.el7.centos.5.
=== testing
boot iso and log in; become root; httpd is not running
systemctl stop lighttpd # free up port 80
systemctl start httpd # takes a while
echo arf > /var/www/html/arf.txt # something to fetch
wget http://localhost/arf.txt
cat arf.txt
This shows httpd is processing requests.
===
Closes-bug: 1960765
Closes-bug: 1969363
Change-Id: I4c90213f020762f037e1f207f73e0622a38984c2
Signed-off-by: Joe Slater <joe.slater@windriver.com>
a56902554f