Date: Fri, 28 May 2004 08:27:02 -0700 (PDT) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-modules:ssl:ssl_engine_kernel.c Message-ID: <200405281527.i4SFR27r076835@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2004/05/28 08:27:02 PDT
FreeBSD ports repository
Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-modules:ssl:ssl_engine_kernel.c
Log:
- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/
Reported by: Charles-Damien Orbello <tazma@cultdeadsheep.org>
Revision Changes Path
1.178 +1 -0 ports/www/apache2/Makefile
1.1 +39 -0 ports/www/apache2/files/patch-modules:ssl:ssl_engine_kernel.c (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405281527.i4SFR27r076835>