cvs commit: ports/www/apache2 Makefile ports/www/apache2/files
patch-modules:ssl:ssl_engine_kernel.c
Clement Laforet
clement at FreeBSD.org
Fri May 28 08:27:39 PDT 2004
clement 2004/05/28 08:27:02 PDT
FreeBSD ports repository
Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-modules:ssl:ssl_engine_kernel.c
Log:
- Import security fix from Apache CVS...
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
- ... and of course bump PORTREVISION.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://secunia.com/advisories/11534/
Reported by: Charles-Damien Orbello <tazma at cultdeadsheep.org>
Revision Changes Path
1.178 +1 -0 ports/www/apache2/Makefile
1.1 +39 -0 ports/www/apache2/files/patch-modules:ssl:ssl_engine_kernel.c (new)
More information about the cvs-all
mailing list