svn commit: r491040 - head/security/vuxml
Jochen Neumeister
joneum at FreeBSD.org
Wed Jan 23 14:37:45 UTC 2019
Author: joneum
Date: Wed Jan 23 14:37:44 2019
New Revision: 491040
URL: https://svnweb.freebsd.org/changeset/ports/491040
Log:
Add entry for www/apache24
Sponsored by: Netzkommune GmbH
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 23 14:25:24 2019 (r491039)
+++ head/security/vuxml/vuln.xml Wed Jan 23 14:37:44 2019 (r491040)
@@ -58,6 +58,46 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="eb888ce5-1f19-11e9-be05-4c72b94353b5">
+ <topic>Apache -- vulnerability</topic>
+ <affects>
+ <package>
+ <name>apache24</name>
+ <range><lt>2.4.38</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache httpd Project reports:</p>
+ <blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">
+ <p>SECURITY: CVE-2018-17199
+ mod_session: mod_session_cookie does not respect expiry time allowing
+ sessions to be reused.</p>
+ <p>SECURITY: CVE-2019-0190
+ mod_ssl: Fix infinite loop triggered by a client-initiated
+ renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
+ later. PR 63052.</p>
+ <p>SECURITY: CVE-2018-17189
+ mod_http2: fixes a DoS attack vector. By sending slow request bodies
+ to resources not consuming them, httpd cleanup code occupies a server
+ thread unnecessarily. This was changed to an immediate stream reset
+ which discards all stream state and incoming data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.apache.org/dist/httpd/CHANGES_2.4.38</url>
+ <url>http://httpd.apache.org/security/vulnerabilities_24.html</url>
+ <cvename>CVE-2018-17199</cvename>
+ <cvename>CVE-2018-17189</cvename>
+ <cvename>CVE-2019-0190</cvename>
+ </references>
+ <dates>
+ <discovery>2019-01-22</discovery>
+ <entry>2019-01-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2">
<topic>www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.</topic>
<affects>
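Review bot: The <topic> in the new entry, "Apache -- vulnerability", is singular and generic although the blockquote lists three separate issues (CVE-2018-17199 in mod_session, CVE-2019-0190 in mod_ssl, CVE-2018-17189 in mod_http2). A topic such as "Apache -- multiple vulnerabilities", or one that names the affected modules, would tell an administrator reading the audit output what the entry covers. Two smaller points: the <cvename> elements are listed in a different order from the blockquote, so matching one of the two orders would make the entry easier to cross-check, and the <url> references and the blockquote cite use http:// where https:// would be preferable if the sites serve it.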