Date: Fri, 20 Feb 2015 10:29:38 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 197844] www/fcgi issue (CVE-2012-6687) Message-ID: <bug-197844-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197844 Bug ID: 197844 Summary: www/fcgi issue (CVE-2012-6687) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: rodrigo@FreeBSD.org CC: freebsd@skysmurf.nl CC: freebsd@skysmurf.nl Flags: maintainer-feedback?(freebsd@skysmurf.nl) Created attachment 153202 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=153202&action=edit update fcgi to 2.4.0_5 + CVE patch Yesterday was released the CVE-2012-6687[1] who report possible DOS attacks allowed by fastcgi 2.4.0. As far as I can see, it's our version in ports. Attached a patch integrate the fix : https://launchpadlibrarian.net/93064712/poll.patch [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6687 --- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> --- Maintainer CC'd -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-197844-13>