cvs commit: ports/www/apache22 Makefile

Philip M. Gollucci pgollucci at FreeBSD.org
Fri May 7 01:46:06 UTC 2010


pgollucci    2010-05-07 01:46:06 UTC

  FreeBSD ports repository

  Modified files:
    www/apache22         Makefile 
  Log:
  - Forced commit to note the following CVEs were fixed in 2.2.15
    [from CHANGES file]
  
    *) SECURITY: CVE-2009-3555 (cve.mitre.org)
       mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
       attack when compiled against OpenSSL version 0.9.8m or later. Introduces
       the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
       and offer unsafe legacy renegotiation with clients which do not yet
       support the new secure renegotiation protocol, RFC 5746.
       [Joe Orton, and with thanks to the OpenSSL Team]
  
    *) SECURITY: CVE-2009-3555 (cve.mitre.org)
       mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
       for OpenSSL versions prior to 0.9.8l; reject any client-initiated
       renegotiations. Forcibly disable keepalive for the connection if there
       is any buffered data readable. Any configuration which requires
       renegotiation for per-directory/location access control is still
       vulnerable, unless using openssl 0.9.8l or later.
       [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
  
    *) SECURITY: CVE-2010-0408 (cve.mitre.org)
       mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
       when request headers indicate a request body is incoming; not a case of
       HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]
  
    *) SECURITY: CVE-2010-0425 (cve.mitre.org)
       mod_isapi: Do not unload an isapi .dll module until the request
       processing is completed, avoiding orphaned callback pointers.
       [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
  
    *) SECURITY: CVE-2010-0434 (cve.mitre.org)
       Ensure each subrequest has a shallow copy of headers_in so that the
       parent request headers are not corrupted.  Eliminates a problematic
       optimization in the case of no request body.  PR 48359.
       [Jake Scott, William Rowe, Ruediger Pluem]
  
  Revision  Changes    Path
  1.259     +0 -0      ports/www/apache22/Makefile
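
An added example, not part of the commit message or of the Apache project's code: a small audit that flags places where a configuration sets the `SSLInsecureRenegotiation` directive named in the log above to `on`, which re-enables unsafe legacy renegotiation. The sample configuration and function names are constructed for illustration, and the parser is simplified (it does not follow `Include` files).

```python
import re

# Constructed sample configuration (not from the page); the hostname is a placeholder.
SAMPLE_CONF = """\
# SSLInsecureRenegotiation on   (commented out, must be ignored)
SSLInsecureRenegotiation off
<VirtualHost *:443>
    ServerName legacy.example.test
    SSLEngine on
    sslinsecurerenegotiation \\
        On
</VirtualHost>
"""

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def find_insecure_renegotiation(text):
    """Return [(line_number, enclosing_section)] where the directive is 'on'."""
    findings, stack = [], []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>").strip())
        else:
            # Directive names and on/off flags are case-insensitive in httpd.
            m = re.match(r"(?i)SSLInsecureRenegotiation\s+(\S+)", line)
            if m and m.group(1).lower() == "on":
                findings.append((no, stack[-1] if stack else "global"))
    return findings

if __name__ == "__main__":
    for no, where in find_insecure_renegotiation(SAMPLE_CONF):
        print(f"line {no}: SSLInsecureRenegotiation on in [{where}]")
```
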

