FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Thu, 21 Oct 2010
[ 05:55:25 pgollucci ] Original commit 
apache20 www  Deleted Deprecated Expired files touched by this commit  This port version is marked as vulnerable. Version 2.0.x of Apache web server with prefork MPM.
- Update to 2.0.64
- normalize patch-pcre.diff into makepatch format
- All 4 CVE patches are included upstream and part of 2.0.64
- part of the local apxs.in changes are upstream now too
- some patches were regenerated for offset updates

  ** There is NO security update here.  **

Changes:    http://www.apache.org/dist/httpd/CHANGES_2.0
With Hat:   apache@

<ChangeLog>
  *) SECURITY: CVE-2010-1452 (cve.mitre.org)
     mod_dav: Fix Handling of requests without a path segment.
     PR: 49246 [Mark Drayton, Jeff Trawick]

  *) SECURITY: CVE-2009-1891 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_deflate or other
     modules, by forcing the server to consume CPU time in compressing a
     large file after a client disconnects.  PR 39605.
     [Joe Orton, Ruediger Pluem]

  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
     and offer unsafe legacy renegotiation with clients which do not yet
     support the new secure renegotiation protocol, RFC 5746.
     [Joe Orton, and with thanks to the OpenSSL Team]

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     for OpenSSL versions prior to 0.9.8l; reject any client-initiated
     renegotiations. Forcibly disable keepalive for the connection if there
     is any buffered data readable. Any configuration which requires
     renegotiation for per-directory/location access control is still
     vulnerable, unless using openssl 0.9.8l or later.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>,
      Rainer Jung]

  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
     Ensure each subrequest has a shallow copy of headers_in so that the
     parent request headers are not corrupted.  Elimiates a problematic
     optimization in the case of no request body.  PR 48359
     [Jake Scott, William Rowe, Ruediger Pluem]

  *) SECURITY: CVE-2008-2364 (cve.mitre.org)
     mod_proxy_http: Better handling of excessive interim responses
     from origin server to prevent potential denial of service and high
     memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
     Joe Orton, Jim Jagielski]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

  *) SECURITY: CVE-2008-2939 (cve.mitre.org)
     mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
     the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]

  *) Fix recursive ErrorDocument handling. PR 36090 [Chris Darroch]

  *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]

  *) Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
     through on a 304 response.  [Nick Kew]

  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
     [Philip M. Gollucci]
</ChangeLog>

Number of ports [& non-ports] in this commit: 1

show all files

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
chromiumAug 26
fileAug 21
py-djangoAug 21
py-django-develAug 21
py-django14Aug 21
py-django15Aug 21
php53Aug 18
phpmyadminAug 17
chromiumAug 13
serfAug 11
subversionAug 11
subversion17Aug 11
nginxAug 09
nginx-develAug 09
mingw32-opensslAug 06

6 vulnerabilities affecting 9 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24357
Broken 182
Deprecated 514
Ignore 482
Forbidden 17
Restricted 224
No CDROM 96
Vulnerable 23
Expired 430
Set to expire 503
Interactive 0
new 24 hours 5
new 48 hours8
new 7 days37
new fortnight92
new month261


Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.