FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Wed, 9 Dec 2009
[ 23:48:01 pgollucci ] Original commit 
apache22 www files touched by this commit  An older version of this port was marked as vulnerable. Version 2.2.x of Apache web server with prefork MPM.
- Update to 2.2.14
- With hat apache@

Note: The 3 CVE's are a no-op for the FreeBSD port --

date: 2009/08/25 05:33:03;  author: kuriyama;  state: Exp;  lines: +0 -0
(Forced commit)

- 2.2.13 (acutally 2.2.12) includes fixes for several CVEs. [1]
  but in our ports tree, APR related ones (CVE-2009-0023,
  CVE-2009-1955, CVE-2009-1956) were already backported in 2.2.11_5.

References: [1]


  *) SECURITY: CVE-2009-2699 (
     Fixed in APR 1.3.9.  Faulty error handling in the Solaris pollset support
     (Event Port backend) which could trigger hangs in the prefork and event
     MPMs on that platform.  PR 47645.  [Jeff Trawick]

  *) SECURITY: CVE-2009-3095 (
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf>, Joe Orton]

  *) mod_proxy_scgi: Backport from trunk. [André Malo]

  *) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL
     has been defined at a very high level.  PR 45946.  [Eric Covener]

  *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]

  *) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries
     usage() in synch with the manual and the implementation (0 and -1
     both disable the cache). [Eric Covener]

  *) mod_ssl: The error message when SSLCertificateFile is missing should
     at least give the name or position of the problematic virtual host
     definition. [Stefan Fritsch sf]

  *) htdbm: Fix possible buffer overflow if dbm database has very
     long values.  PR 30586 [Dan Poirier]

  *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb>]

  *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
     type.  PR 45107.  [Michael Ströder <michael>,
     Peter Sylvester <peter.sylvester>]

  *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
     defined session identifiers encoded in the URL when caching.
     [Ruediger Pluem]

  *) mod_mem_cache: fix seg fault under load due to pool concurrency problem
     PR: 47672 [Dan Poirier <poirier>]

  *) mod_autoindex: Correctly create an empty cell if the description
     for a file is missing. PR 47682 [Peter Poeml <poeml>]

Number of ports [& non-ports] in this commit: 1

Showing files for just one port: www/apache22

show all files

hide all files

2 files found
modify 1.244 View diff View revision /ports/head/www/apache22/Makefile
modify 1.78 View diff View revision /ports/head/www/apache22/distinfo
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
asterisk11Sep 18
squidSep 18
squid33Sep 18
dbusSep 17
nginxSep 16
nginx-develSep 16
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03

8 vulnerabilities affecting 19 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 24097
Broken 120
Deprecated 91
Ignore 384
Forbidden 17
Restricted 203
Vulnerable 21
Expired 2
Set to expire 86
Interactive 0
new 24 hours 2
new 48 hours3
new 7 days33
new fortnight71
new month232

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.