Date: Thu, 13 May 2010 00:40:04 GMT From: dfilter@FreeBSD.ORG (dfilter service) To: apache@FreeBSD.org Subject: Re: ports/146389: commit references a PR Message-ID: <201005130040.o4D0e4L5042299@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/146389; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/146389: commit references a PR Date: Thu, 13 May 2010 00:30:34 +0000 (UTC) pgollucci 2010-05-13 00:30:19 UTC FreeBSD ports repository Modified files: www/apache20 Makefile www/apache20/files patch-CVE-2009-3555 Added files: www/apache20/files patch-CVE-2008-2364 patch-CVE-2010-0434 Log: - Fix openssl rengotiation patch [1] - Fix the openssl from ports flag - Bump PORTREVISION - Also patch 2 more CVEs *) SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. PR 48359 [Jake Scott, William Rowe, Ruediger Pluem] *) SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski] PR: ports/146389 [1] Submitted by: several [1] With Hat: apache@ Revision Changes Path 1.278 +2 -2 ports/www/apache20/Makefile 1.1 +62 -0 ports/www/apache20/files/patch-CVE-2008-2364 (new) 1.2 +73 -271 ports/www/apache20/files/patch-CVE-2009-3555 1.1 +11 -0 ports/www/apache20/files/patch-CVE-2010-0434 (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005130040.o4D0e4L5042299>