Date: Thu, 15 Sep 2011 05:00:28 +0000 (UTC) From: Olli Hauer <ohauer@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache22 Makefile distinfo Message-ID: <201109150500.p8F50S9M002184@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
ohauer 2011-09-15 05:00:28 UTC
FreeBSD ports repository
Modified files:
www/apache22 Makefile distinfo
Log:
- update to version 2.2.21
Addresses:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
unrecognized HTTP methods from marking ajp: balancer members
in an error state, avoiding denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use
less memory, to avoid denial of service. This patch includes fixes
to the patch introduced in release 2.2.20 for protocol compliance,
as well as the MaxRanges directive.
PR: ports/160743
Submitted by: Jason Helfman <jhelfman@experts-exchange.com>
Revision Changes Path
1.293 +2 -2 ports/www/apache22/Makefile
1.86 +2 -2 ports/www/apache22/distinfo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201109150500.p8F50S9M002184>