Date: Thu, 13 May 2010 00:40:04 GMT From: dfilter@FreeBSD.ORG (dfilter service) To: apache@FreeBSD.org Subject: Re: ports/146389: commit references a PR Message-ID: <201005130040.o4D0e4L5042299@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/146389; it has been noted by GNATS.
From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: ports/146389: commit references a PR
Date: Thu, 13 May 2010 00:30:34 +0000 (UTC)
pgollucci 2010-05-13 00:30:19 UTC
FreeBSD ports repository
Modified files:
www/apache20 Makefile
www/apache20/files patch-CVE-2009-3555
Added files:
www/apache20/files patch-CVE-2008-2364 patch-CVE-2010-0434
Log:
- Fix openssl rengotiation patch [1]
- Fix the openssl from ports flag
- Bump PORTREVISION
- Also patch 2 more CVEs
*) SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body. PR 48359
[Jake Scott, William Rowe, Ruediger Pluem]
*) SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
Joe Orton, Jim Jagielski]
PR: ports/146389 [1]
Submitted by: several [1]
With Hat: apache@
Revision Changes Path
1.278 +2 -2 ports/www/apache20/Makefile
1.1 +62 -0 ports/www/apache20/files/patch-CVE-2008-2364 (new)
1.2 +73 -271 ports/www/apache20/files/patch-CVE-2009-3555
1.1 +11 -0 ports/www/apache20/files/patch-CVE-2010-0434 (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005130040.o4D0e4L5042299>