Date: Wed, 20 Oct 2010 16:32:32 +0900 (JST) From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> To: FreeBSD-gnats-submit@FreeBSD.org Cc: turutani@scphys.kyoto-u.ac.jp Subject: ports/151594: www/apache22 is vulnerable Message-ID: <201010200732.o9K7WWWK025260@h120.65.226.10.32118.vlan.kuins.net> Resent-Message-ID: <201010200740.o9K7e9Op058631@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 151594 >Category: ports >Synopsis: www/apache22 is vulnerable >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 20 07:40:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Tsurutani Naoki >Release: FreeBSD 8.1-STABLE i386 >Organization: >Environment: System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.1-STABLE FreeBSD 8.1-STABLE #24: Wed Jul 28 12:32:20 JST 2010 turutani@h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386 >Description: www/apache22 is vulnerable. ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 >How-To-Repeat: >Fix: --- Makefile.orig 2010-10-15 05:25:23.000000000 +0900 +++ Makefile 2010-10-20 16:13:46.000000000 +0900 @@ -8,8 +8,7 @@ # PORTNAME= apache -PORTVERSION= 2.2.16 -PORTREVISION= 2 +PORTVERSION= 2.2.17 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} DISTNAME= httpd-${PORTVERSION} --- distinfo.orig 2010-07-28 13:29:51.000000000 +0900 +++ distinfo 2010-10-20 16:15:12.000000000 +0900 @@ -1,3 +1,3 @@ -MD5 (apache22/httpd-2.2.16.tar.bz2) = c8ff2a07c884300bc7766a2e7f662d33 -SHA256 (apache22/httpd-2.2.16.tar.bz2) = 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52 -SIZE (apache22/httpd-2.2.16.tar.bz2) = 4775545 +MD5 (apache22/httpd-2.2.17.tar.bz2) = 16eadc59ea6b38af33874d300973202e +SHA256 (apache22/httpd-2.2.17.tar.bz2) = 868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04 +SIZE (apache22/httpd-2.2.17.tar.bz2) = 4951247 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010200732.o9K7WWWK025260>