From owner-freebsd-apache@FreeBSD.ORG Thu May 13 00:40:04 2010 Return-Path: Delivered-To: apache@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B11D01065670 for ; Thu, 13 May 2010 00:40:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (unknown [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 871B08FC14 for ; Thu, 13 May 2010 00:40:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o4D0e4SD042300 for ; Thu, 13 May 2010 00:40:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o4D0e4L5042299; Thu, 13 May 2010 00:40:04 GMT (envelope-from gnats) Date: Thu, 13 May 2010 00:40:04 GMT Message-Id: <201005130040.o4D0e4L5042299@freefall.freebsd.org> To: apache@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: ports/146389: commit references a PR X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 May 2010 00:40:04 -0000 The following reply was made to PR ports/146389; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/146389: commit references a PR Date: Thu, 13 May 2010 00:30:34 +0000 (UTC) pgollucci 2010-05-13 00:30:19 UTC FreeBSD ports repository Modified files: www/apache20 Makefile www/apache20/files patch-CVE-2009-3555 Added files: www/apache20/files patch-CVE-2008-2364 patch-CVE-2010-0434 Log: - Fix openssl rengotiation patch [1] - Fix the openssl from ports flag - Bump PORTREVISION - Also patch 2 more CVEs *) SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. PR 48359 [Jake Scott, William Rowe, Ruediger Pluem] *) SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski] PR: ports/146389 [1] Submitted by: several [1] With Hat: apache@ Revision Changes Path 1.278 +2 -2 ports/www/apache20/Makefile 1.1 +62 -0 ports/www/apache20/files/patch-CVE-2008-2364 (new) 1.2 +73 -271 ports/www/apache20/files/patch-CVE-2009-3555 1.1 +11 -0 ports/www/apache20/files/patch-CVE-2010-0434 (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"