Fw: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files
patch-secfix-modules:ssl:ssl_engine_io.c
Clement Laforet
sheepkiller at cultdeadsheep.org
Wed Aug 18 12:41:05 PDT 2004
FYI,
Begin forwarded message:
Date: Wed, 18 Aug 2004 19:40:07 +0000 (UTC)
From: Clement Laforet <clement at FreeBSD.org>
To: ports-committers at FreeBSD.org, cvs-ports at FreeBSD.org, cvs-all at FreeBSD.org
Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c
clement 2004-08-18 19:40:07 UTC
FreeBSD ports repository
Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c
Log:
- Backport security fixes in ssl_engine_io.c
* [SECURITY] mod_ssl: Fix potential input filter segfaults in
SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
"This issue has possible security implications; it's been assigned CVE
CAN-2004-0751 (cve.mitre.org)."
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
* [SECURITY] mod_ssl: Fix potential infinite loop.
(potential infinite loop in ssl_io_input_getline if connection is
aborted without inctx->rc being set.)
http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
http://issues.apache.org/bugzilla/show_bug.cgi?id=29690
Obtained from: Apache CVS (httpd-2.0 HEAD)
Revision Changes Path
1.197 +1 -1 ports/www/apache2/Makefile
1.1 +34 -0 ports/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c (new)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-apache/attachments/20040818/60349871/attachment.bin
More information about the freebsd-apache
mailing list