ports/143932: [UPDATE] ports/www/mod_security to version v2.5.12
Andrei Lavreniyuk
andy.lavr at reactor-xg.kiev.ua
Sun Feb 14 14:05:07 UTC 2010
>Number: 143932
>Category: ports
>Synopsis: [UPDATE] ports/www/mod_security to version v2.5.12
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 14 14:05:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Andrei Lavreniyuk
>Release: FreeBSD 8.0-STABLE
>Organization:
Technica-03, Inc.
>Environment:
FreeBSD datacenter.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Feb 13 11:01:53 EET 2010 root at datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64 amd64
>Description:
Please update ports/www/mod_security to version v2.5.12
_____________________________________________________________
http://www.modsecurity.org/
of version v2.5.12:
http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.5.12/CHANGES_2.5.12.txt/download
More details from the SVN log:
* r1488 | b1v1r | 2010-02-05 19:38:56 +0100 (Fri, 05 Feb 2010) | 1 line
Cleanup path normalization routine and add some further regression tests
(MODSEC-123).
* r1487 | b1v1r | 2010-02-05 19:26:43 +0100 (Fri, 05 Feb 2010) | 1 line
Fixed SecUploadFileMode to set the correct mode (MODSEC-129).
* r1486 | b1v1r | 2010-02-05 19:24:44 +0100 (Fri, 05 Feb 2010) | 1 line
Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions
(MODSEC-78, MODSEC-130)
* r1479 | b1v1r | 2010-02-05 19:15:31 +0100 (Fri, 05 Feb 2010) | 1 line
Added SecUploadFileLimit (MODSEC-116).
* r1478 | b1v1r | 2010-02-05 19:14:08 +0100 (Fri, 05 Feb 2010) | 1 line
Rewrote path normalization routine (MODSEC-123).
* r1476 | b1v1r | 2010-02-05 19:12:53 +0100 (Fri, 05 Feb 2010) | 1 line
Trim whitespace around phrases used with @pmFromFile and allow for
both LF and CRLF terminated lines (MODSEC-126).
* r1474 | b1v1r | 2010-02-05 19:11:36 +0100 (Fri, 05 Feb 2010) | 1 line
Allow for more robust parsing for multipart header folding. Reported
by Sogeti/ESEC R&D (MODSEC-118). Added additional multipart regression
tests.
* r1472 | b1v1r | 2010-02-05 19:09:19 +0100 (Fri, 05 Feb 2010) | 1 line
Added PCRE limits and studying by default to help alleviate REDoS
reported by Sogeti/ESEC R&D (MODSEC-119).
* r1471 | b1v1r | 2010-02-05 19:07:56 +0100 (Fri, 05 Feb 2010) | 1 line
Fixed memory leak in v1 cookie parser reported by Sogeti/ESEC R&D
(MODSEC-121).
Further references:
http://secunia.com/advisories/38460/
http://freshmeat.net/projects/modsecurity/releases/312017
CVE Request:
http://www.openwall.com/lists/oss-security/2010/02/10/2
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: