FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Wed, 10 Jul 2013
[ 19:01:44 ohauer ] Original commit   Revision:322728
apache22 www files touched by this commit  An older version of this port was marked as vulnerable. Version 2.2.x of Apache web server with prefork MPM.
vuxml security files touched by this commit Vulnerability and eXposure Markup Language DTD
- update to apache-2.2.25
- update vuxml with additional CVE-2013-1896 entry

Changes with Apache 2.2.25

  *) SECURITY: CVE-2013-1896 (
     mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
     the source href (sent as part of the request body as XML) pointing to a
     URI that is not configured for DAV will trigger a segfault. [Ben Reser

  *) SECURITY: CVE-2013-1862 (
     mod_rewrite: Ensure that client data written to the RewriteLog is
     escaped to prevent terminal escape sequences from entering the
     log file.  [Eric Covener, Jeff Trawick, Joe Orton]

  *) core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer
     strings.  The default limit for ap_pregsub() can be adjusted at compile
      time by defining AP_PREGSUB_MAXLEN.  [Stefan Fritsch, Jeff Trawick]

  *) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
     on Linux kernel versions 3.x and above.  PR 55121.  [Bradley Heilbrun

  *) mod_setenvif: Log error on substitution overflow.
     [Stefan Fritsch]

  *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
     [Kaspar Brand]

  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael>, Ruediger Pluem]

  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]

  *) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
     with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
     [Keith Burdis <keith>, Joe Orton, Kaspar Brand]

  *) mod_proxy_balancer: Added balancer parameter failontimeout to allow server
     admin to configure an IO timeout as an error in the balancer.
     [Daniel Ruggeri]

  *) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
     password.  [Daniel Ruggeri]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]

  *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
     [Timothy Wood <tjw>]

  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
     we compare unencoded paths. PR 53910 [Timothy Wood <tjw>]

  *) mod_dav: Sending an If or If-Match header with an invalid ETag doesn't
     result in a 412 Precondition Failed for a COPY operation. PR54610
     [Timothy Wood <tjw>]

  *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
     property on a resource for which there is no dead property in the same
     namespace httpd segfaults. PR 52559 [Diego Santa Cruz

  *) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
     PR 52559 [Diego Santa Cruz <diego.santaCruz>]

  *) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
     PR 52559 [Diego Santa Cruz <diego.santaCruz>]

PR:		ports/180248
Submitted by:	Jason Helfman jgh@

Number of ports [& non-ports] in this commit: 2

Showing files for just one port: security/vuxml

show all files

hide all files

1 file found
modify 322728 View diff View revision /ports/head/security/vuxml/vuln.xml
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
asterisk11Sep 18
squidSep 18
squid33Sep 18
dbusSep 17
nginxSep 16
nginx-develSep 16
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03

8 vulnerabilities affecting 19 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 24131
Broken 116
Deprecated 45
Ignore 370
Forbidden 3
Restricted 205
Vulnerable 20
Expired 1
Set to expire 40
Interactive 0
new 24 hours 0
new 48 hours74
new 7 days93
new fortnight142
new month301

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.