Date:      Wed, 3 Sep 2014 20:32:11 +0000 (UTC)
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r367232 - branches/2014Q3/security/vuxml
Message-ID:  <201409032032.s83KWBEX043931@svn.freebsd.org>

Author: ohauer
Date: Wed Sep  3 20:32:11 2014
New Revision: 367232
URL: http://svnweb.freebsd.org/changeset/ports/367232
QAT: https://qat.redports.org/buildarchive/r367232/

Log:
  MFH: r367225
  
  - update vid f927e06c-1109-11e4-b090-20cf30e32f6d
    (httpd-2.2.29 was released today)
  
  Approved by:	portmgr (erwin@)

Modified:
  branches/2014Q3/security/vuxml/vuln.xml
Directory Properties:
  branches/2014Q3/   (props changed)

Modified: branches/2014Q3/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q3/security/vuxml/vuln.xml	Wed Sep  3 20:31:48 2014	(r367231)
+++ branches/2014Q3/security/vuxml/vuln.xml	Wed Sep  3 20:32:11 2014	(r367232)
@@ -653,29 +653,29 @@ Notes:
     <affects>
       <package>
 	<name>apache22</name>
-	<range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
       </package>
       <package>
 	<name>apache22-event-mpm</name>
-	<range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
       </package>
       <package>
 	<name>apache22-itk-mpm</name>
-	<range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
       </package>
       <package>
 	<name>apache22-peruser-mpm</name>
-	<range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
       </package>
       <package>
 	<name>apache22-worker-mpm</name>
-	<range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+	<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>Apache HTTP SERVER PROJECT reports:</p>
-	<blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?revision=1611816&amp;view=markup">;
+	  <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.29">;
 	  <p> mod_deflate: The DEFLATE input filter (inflates request bodies) now
 	    limits the length and compression ratio of inflated request bodies to
 	    avoid denial of service via highly compressed bodies.  See directives
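Review bot: raising the upper bound from `<lt>2.2.27_6</lt>` to `<lt>2.2.29</lt>` in all five `<package>` ranges re-flags port revisions 2.2.27_6 and later for every CVE in this entry, although the old bound indicates the previously listed issues were treated as fixed at 2.2.27_6. If only the newly added issue remains open in those revisions, a separate `<vuln>` entry with its own range would keep the audit output accurate per CVE. Also, the replacement `<blockquote cite=...>` line is indented two spaces deeper than the line it replaces and than the `<p>` before it; match the existing indentation.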
@@ -689,6 +689,10 @@ Notes:
 	    communication with scripts.</p>
 	  <p>Fix a race condition in scoreboard handling, which could lead to a heap
 	    buffer overflow.</p>
+	  <p>core: HTTP trailers could be used to replace HTTP headers late during
+	    request processing, potentially undoing or otherwise confusing modules
+	    that examined or modified request headers earlier.  Adds "MergeTrailers"
+	    directive to restore legacy behavior.</p>
 	</blockquote>
       </body>
     </description>
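Review bot: the paragraph added at the end of the blockquote brings a new issue (HTTP trailers replacing headers) into an existing entry, but the commit log only says the vid is updated because httpd-2.2.29 was released. Say in the log that a new issue and CVE are being added, so people tracking this vid can tell the advisory's scope changed and not only its version bound. Since the text sits inside a `<blockquote cite=...>`, keep it verbatim from the cited CHANGES file.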
@@ -696,10 +700,12 @@ Notes:
       <cvename>CVE-2014-0118</cvename>
       <cvename>CVE-2014-0231</cvename>
       <cvename>CVE-2014-0226</cvename>
+      <cvename>CVE-2013-5704</cvename>
     </references>
     <dates>
       <discovery>2014-07-19</discovery>
       <entry>2014-07-24</entry>
+      <modified>2014-09-03</modified>
     </dates>
   </vuln>
 
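Review bot: `<discovery>2014-07-19</discovery>` is left unchanged while `<cvename>CVE-2013-5704</cvename>` is added, and that identifier carries a 2013 year, so the discovery date may no longer describe the earliest issue in the entry. Either confirm that the date is meant to stay tied to the CVEs already listed or move the new CVE to its own entry with its own dates. The added `<modified>2014-09-03</modified>` matches the commit date.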


