From owner-freebsd-apache@FreeBSD.ORG Mon Apr 23 11:06:50 2007
Date: Mon, 23 Apr 2007 11:06:48 GMT
From: FreeBSD bugmaster
To: apache@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o ports/89308  apache     [patch] www/mod_accounting crash on request_timeout
o ports/111844 apache     UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)
o ports/111847 apache     UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)

3 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o ports/74907  apache     [PATCH] www/mod_perl: cleanups
f ports/89972  apache     portupgrade apache+ssl fails on dependencies
f ports/97385  apache     www/mod_auth_kerb configure script faults with heimdal
o ports/106429 apache     www/apache* ports install rc.d scripts which don't fol

4 problems total.

From owner-freebsd-apache@FreeBSD.ORG Mon Apr 23 21:39:04 2007
Date: Tue, 24 Apr 2007 00:12:26 +0300
From: "Andrei Manescu"
Subject: bandwidth limiting per ip

Has anyone a good tutorial on how to limit the upload bandwidth of a webserver per ip or per host (per web client) ???

Thank you in advance.

From owner-freebsd-apache@FreeBSD.ORG Tue Apr 24 22:00:38 2007
Date: Tue, 24 Apr 2007 22:00:37 GMT
From: Erwin Lansing
To: pgollucci@p6m7g8.com, erwin@FreeBSD.org, apache@FreeBSD.org
Subject: Re: ports/111847: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)

Synopsis: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)

State-Changed-From-To: open->closed
State-Changed-By: erwin
State-Changed-When: Tue Apr 24 22:00:24 UTC 2007
State-Changed-Why:
Duplicate of ports/111844.

http://www.freebsd.org/cgi/query-pr.cgi?pr=111847

From owner-freebsd-apache@FreeBSD.ORG Tue Apr 24 23:00:18 2007
Date: Tue, 24 Apr 2007 23:00:18 GMT
To: apache@FreeBSD.org
From: "Philip M. Gollucci"
Subject: Re: ports/111844: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)

The following reply was made to PR ports/111844; it has been noted by GNATS.

From: "Philip M. Gollucci"
To: bug-followup@FreeBSD.org, pgollucci@p6m7g8.com
Subject: Re: ports/111844: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)
Date: Tue, 24 Apr 2007 15:51:21 -0700

per erwin@ request a vuxml entry:

--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

Content-Disposition: inline; filename="vuxml.diff"

? work Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.1317 diff -u -r1.1317 vuln.xml --- vuln.xml 23 Apr 2007 14:12:10 -0000 1.1317 +++ vuln.xml 24 Apr 2007 22:51:11 -0000 @@ -34,6 +34,35 @@ --> + + mod_perl -- remote DOS in PATH_INFO parsing + + + mod_perl + 1.30 + + + + +

CVE repots:

+
+

PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in + mod_perl 2.x, does not properly escape PATH_INFO before use in a regular + expression, which allows remote attackers to cause a denial of service + (resource consumption) via a crafted URI.

+
+ +
+ + CVE-2007-1349 + URL:http://secunia.com/advisories/24839 + + + 2007-03-29 + 2007-04-24 + +
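Review bot: the affected-package list at the top of the new entry names only mod_perl with the 1.30 bound, while the quoted CVE text in the description also names RegistryCooker.pm in mod_perl 2.x. Either add the mod_perl 2.x port with its own fixed version, or make clear that this entry deliberately covers the 1.x port only, so that installs of the 2.x port are not left unflagged by anything that reads vuln.xml. Separately, "CVE repots:" in the description should read "CVE reports:".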
+ claws-mail -- APOP vulnerability

From owner-freebsd-apache@FreeBSD.ORG Wed Apr 25 17:10:08 2007
Date: Wed, 25 Apr 2007 17:10:08 GMT
From: dfilter@FreeBSD.ORG (dfilter service)
To: apache@FreeBSD.org
Subject: Re: ports/111844: commit references a PR

The following reply was made to PR ports/111844; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Subject: Re: ports/111844: commit references a PR
Date: Wed, 25 Apr 2007 17:04:42 +0000 (UTC)

erwin       2007-04-25 17:04:36 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml
  Log:
  Add entry for mod_perl -- remote DOS in PATH_INFO parsing

  PR:             111844
  Submitted by:   "Philip M. Gollucci"

  Revision  Changes    Path
  1.1318    +30 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

From owner-freebsd-apache@FreeBSD.ORG Wed Apr 25 18:46:52 2007
Date: Wed, 25 Apr 2007 18:46:51 GMT
From: Erwin Lansing
To: pgollucci@p6m7g8.com, erwin@FreeBSD.org, apache@FreeBSD.org
Subject: Re: ports/111844: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)

Synopsis: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)

State-Changed-From-To: open->closed
State-Changed-By: erwin
State-Changed-When: Wed Apr 25 18:46:36 UTC 2007
State-Changed-Why:
Committed, thanks! Note that there was an extra manpage and pm that you missed.

http://www.freebsd.org/cgi/query-pr.cgi?pr=111844

From owner-freebsd-apache@FreeBSD.ORG Wed Apr 25 18:50:12 2007
Date: Wed, 25 Apr 2007 18:50:12 GMT
From: dfilter@FreeBSD.ORG (dfilter service)
To: apache@FreeBSD.org
Subject: Re: ports/111844: commit references a PR

The following reply was made to PR ports/111844; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Subject: Re: ports/111844: commit references a PR
Date: Wed, 25 Apr 2007 18:46:36 +0000 (UTC)

erwin       2007-04-25 18:46:30 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_perl         Makefile distinfo pkg-plist
    www/mod_perl/files   patch-Makefile.PL
  Log:
  Update to 1.30

  PR:             111844
  Submitted by:   "Philip M. Gollucci"
  Security:       http://www.vuxml.org/freebsd/ef2ffb03-f2b0-11db-ad25-0010b5a0a860.html

  Revision  Changes    Path
  1.34      +4 -5      ports/www/mod_perl/Makefile
  1.12      +3 -3      ports/www/mod_perl/distinfo
  1.2       +11 -12    ports/www/mod_perl/files/patch-Makefile.PL
  1.13      +1 -0      ports/www/mod_perl/pkg-plist