cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13-modperl/files patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/apache20 Makefile ports/www/apache20/files patch-secfix-CVE-2006-3747 ...

Clement Laforet clement at FreeBSD.org
Thu Jul 27 20:26:37 UTC 2006


clement     2006-07-27 20:26:29 UTC

  FreeBSD ports repository

  Modified files:
    www/apache13-modperl Makefile 
    www/apache13-ssl     Makefile 
    www/apache20         Makefile 
    www/apache21         Makefile 
    www/apache22         Makefile 
  Added files:
    www/apache13-modperl/files patch-secfix-CVE-2006-3747 
    www/apache13-ssl/files patch-secfix-CVE-2006-3747 
    www/apache20/files   patch-secfix-CVE-2006-3747 
    www/apache21/files   patch-secfix-CVE-2006-3747 
    www/apache22/files   patch-secfix-CVE-2006-3747 
  Log:
  - Fix security issue in mod_rewrite.
  All people using mod_rewrite are strongly encouraged to update.
  
  An off-by-one flaw exists in the Rewrite module, mod_rewrite.
  Depending on the manner in which Apache httpd was compiled, this
  software defect may result in a vulnerability which, in combination
  with certain types of Rewrite rules in the web server configuration
  files, could be triggered remotely.  For vulnerable builds, the nature
  of the vulnerability can be denial of service (crashing of web server
  processes) or potentially allow arbitrary code execution.
  This issue has been rated as having important security impact
  by the Apache HTTP Server Security Team
  
  Updates to latest versions will follow soon.
  
  Notified by:    so@ (simon)
  Obtained from:  Apache Security Team
  Security:       CVE-2006-3747
  
  Revision  Changes    Path
  1.15      +1 -0      ports/www/apache13-modperl/Makefile
  1.1       +13 -0     ports/www/apache13-modperl/files/patch-secfix-CVE-2006-3747 (new)
  1.119     +1 -1      ports/www/apache13-ssl/Makefile
  1.1       +13 -0     ports/www/apache13-ssl/files/patch-secfix-CVE-2006-3747 (new)
  1.241     +1 -1      ports/www/apache20/Makefile
  1.1       +13 -0     ports/www/apache20/files/patch-secfix-CVE-2006-3747 (new)
  1.186     +1 -1      ports/www/apache21/Makefile
  1.1       +13 -0     ports/www/apache21/files/patch-secfix-CVE-2006-3747 (new)
  1.195     +1 -0      ports/www/apache22/Makefile
  1.1       +13 -0     ports/www/apache22/files/patch-secfix-CVE-2006-3747 (new)


More information about the cvs-all mailing list