ports/151594: www/apache22 is vulnerable
Tsurutani Naoki
turutani at scphys.kyoto-u.ac.jp
Wed Oct 20 07:40:09 UTC 2010
>Number: 151594
>Category: ports
>Synopsis: www/apache22 is vulnerable
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 20 07:40:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Tsurutani Naoki
>Release: FreeBSD 8.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.1-STABLE FreeBSD 8.1-STABLE #24: Wed Jul 28 12:32:20 JST 2010 turutani at h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386
>Description:
www/apache22 is vulnerable.
ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
>How-To-Repeat:
>Fix:
--- Makefile.orig 2010-10-15 05:25:23.000000000 +0900
+++ Makefile 2010-10-20 16:13:46.000000000 +0900
@@ -8,8 +8,7 @@
#
PORTNAME= apache
-PORTVERSION= 2.2.16
-PORTREVISION= 2
+PORTVERSION= 2.2.17
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD}
DISTNAME= httpd-${PORTVERSION}
--- distinfo.orig 2010-07-28 13:29:51.000000000 +0900
+++ distinfo 2010-10-20 16:15:12.000000000 +0900
@@ -1,3 +1,3 @@
-MD5 (apache22/httpd-2.2.16.tar.bz2) = c8ff2a07c884300bc7766a2e7f662d33
-SHA256 (apache22/httpd-2.2.16.tar.bz2) = 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52
-SIZE (apache22/httpd-2.2.16.tar.bz2) = 4775545
+MD5 (apache22/httpd-2.2.17.tar.bz2) = 16eadc59ea6b38af33874d300973202e
+SHA256 (apache22/httpd-2.2.17.tar.bz2) = 868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04
+SIZE (apache22/httpd-2.2.17.tar.bz2) = 4951247
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list