svn commit: r508943 - head/www/libnghttp2
Po-Chuan Hsieh
sunpoet at freebsd.org
Fri Aug 16 18:40:34 UTC 2019
On Fri, Aug 16, 2019 at 8:32 PM Jochen Neumeister <joneum at freebsd.org>
wrote:
>
> Am 14.08.2019 um 22:11 schrieb Niclas Zeising:
> > On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote:
> >> Author: sunpoet
> >> Date: Wed Aug 14 18:01:00 2019
> >> New Revision: 508943
> >> URL: https://svnweb.freebsd.org/changeset/ports/508943
> >>
> >> Log:
> >> Update to 1.39.2
> >
> > This needs a VuXML entry, and should be merged to 2019Q3 branch.
> > Regards
>
>
> From the Changelog:
>
> This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
> “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted
> HTTP/2
> frames cause Denial of Service by consuming CPU time
>
>
> so please add a vuxml entry.
>
> After that, Approved for 2019Q3.
>
FYI, vuxml entry was added in 509113.
The update was MFH'd in r509118.
>
> Cheers
> joneum (ports-secteam)
>
>
More information about the svn-ports-all
mailing list