cvs commit: ports/www/apache20 Makefile ports/www/apache20/files patch-CVE-2008-2364 patch-CVE-2009-3555 patch-CVE-2010-0434

Philip M. Gollucci pgollucci at
Thu May 13 00:30:20 UTC 2010

pgollucci    2010-05-13 00:30:19 UTC

  FreeBSD ports repository

  Modified files:
    www/apache20         Makefile 
    www/apache20/files   patch-CVE-2009-3555 
  Added files:
    www/apache20/files   patch-CVE-2008-2364 patch-CVE-2010-0434 
  - Fix openssl rengotiation patch [1]
  - Fix the openssl from ports flag
  - Also patch 2 more CVEs
   *) SECURITY: CVE-2010-0434 (
       Ensure each subrequest has a shallow copy of headers_in so that the
       parent request headers are not corrupted.  Elimiates a problematic
       optimization in the case of no request body.  PR 48359
       [Jake Scott, William Rowe, Ruediger Pluem]
    *) SECURITY: CVE-2008-2364 (
       mod_proxy_http: Better handling of excessive interim responses
       from origin server to prevent potential denial of service and high
       memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
       Joe Orton, Jim Jagielski]
  PR:             ports/146389 [1]
  Submitted by:   several [1]
  With Hat:       apache@
  Revision  Changes    Path
  1.278     +2 -2      ports/www/apache20/Makefile
  1.1       +62 -0     ports/www/apache20/files/patch-CVE-2008-2364 (new)
  1.2       +73 -271   ports/www/apache20/files/patch-CVE-2009-3555
  1.1       +11 -0     ports/www/apache20/files/patch-CVE-2010-0434 (new)

More information about the cvs-all mailing list