ports/111844: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security
Fix)
Philip M. Gollucci
pgollucci at p6m7g8.com
Tue Apr 24 23:00:18 UTC 2007
The following reply was made to PR ports/111844; it has been noted by GNATS.
From: "Philip M. Gollucci" <pgollucci at p6m7g8.com>
To: bug-followup at FreeBSD.org, pgollucci at p6m7g8.com
Cc:
Subject: Re: ports/111844: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security
Fix)
Date: Tue, 24 Apr 2007 15:51:21 -0700
This is a multi-part message in MIME format.
--------------040000050005070803040101
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
per erwin@ request a vuxml entry:
--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci at p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF
Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
--------------040000050005070803040101
Content-Type: text/plain;
name="vuxml.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="vuxml.diff"
? work
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.1317
diff -u -r1.1317 vuln.xml
--- vuln.xml 23 Apr 2007 14:12:10 -0000 1.1317
+++ vuln.xml 24 Apr 2007 22:51:11 -0000
@@ -34,6 +34,35 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ef2ffb03-f2b0-11db-ad25-0010b5a0a860">
+ <topic> mod_perl -- remote DOS in PATH_INFO parsing</topic>
+ <affects>
+ <package>
+ <name>mod_perl</name>
+ <range><lt>1.30</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE repots:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349">
+ <p>PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in
+ mod_perl 2.x, does not properly escape PATH_INFO before use in a regular
+ expression, which allows remote attackers to cause a denial of service
+ (resource consumption) via a crafted URI.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-1349</cvename>
+ <url>URL:http://secunia.com/advisories/24839</url>
+ </references>
+ <dates>
+ <discovery>2007-03-29</discovery>
+ <entry>2007-04-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c389d06d-ee57-11db-bd51-0016179b2dd5">
<topic>claws-mail -- APOP vulnerability</topic>
<affects>
--------------040000050005070803040101--
More information about the freebsd-apache
mailing list