ports/151594: www/apache22 is vulnerable

Wed Oct 20 07:40:09 UTC 2010

>Number:         151594
>Category:       ports
>Synopsis:       www/apache22 is vulnerable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 20 07:40:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 8.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.1-STABLE FreeBSD 8.1-STABLE #24: Wed Jul 28 12:32:20 JST 2010 turutani at h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	www/apache22 is vulnerable.
	ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623
	     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
	     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
	
>How-To-Repeat:
	
>Fix:

--- Makefile.orig	2010-10-15 05:25:23.000000000 +0900
+++ Makefile	2010-10-20 16:13:46.000000000 +0900
@@ -8,8 +8,7 @@
 #
 
 PORTNAME=	apache
-PORTVERSION=	2.2.16
-PORTREVISION=	2
+PORTVERSION=	2.2.17
 CATEGORIES=	www
 MASTER_SITES=	${MASTER_SITE_APACHE_HTTPD}
 DISTNAME=	httpd-${PORTVERSION}
--- distinfo.orig	2010-07-28 13:29:51.000000000 +0900
+++ distinfo	2010-10-20 16:15:12.000000000 +0900
@@ -1,3 +1,3 @@
-MD5 (apache22/httpd-2.2.16.tar.bz2) = c8ff2a07c884300bc7766a2e7f662d33
-SHA256 (apache22/httpd-2.2.16.tar.bz2) = 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52
-SIZE (apache22/httpd-2.2.16.tar.bz2) = 4775545
+MD5 (apache22/httpd-2.2.17.tar.bz2) = 16eadc59ea6b38af33874d300973202e
+SHA256 (apache22/httpd-2.2.17.tar.bz2) = 868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04
+SIZE (apache22/httpd-2.2.17.tar.bz2) = 4951247
	


>Release-Note:
>Audit-Trail:
>Unformatted:

