svn commit: r508943 - head/www/libnghttp2
Jochen Neumeister
joneum at FreeBSD.org
Fri Aug 16 12:32:55 UTC 2019
Am 14.08.2019 um 22:11 schrieb Niclas Zeising:
> On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote:
>> Author: sunpoet
>> Date: Wed Aug 14 18:01:00 2019
>> New Revision: 508943
>> URL: https://svnweb.freebsd.org/changeset/ports/508943
>>
>> Log:
>> Update to 1.39.2
>
> This needs a VuXML entry, and should be merged to 2019Q3 branch.
> Regards
From the Changelog:
This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted
HTTP/2
frames cause Denial of Service by consuming CPU time
so please add a vuxml entry.
After that, Approved for 2019Q3.
Cheers
joneum (ports-secteam)
More information about the svn-ports-all
mailing list