Number of commits found: 4

- Update to 2.2.22

Addresses:
* SECURITY: CVE-2011-3607 (cve.mitre.org)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP
Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif
module is enabled, allows local users to gain privileges via a .htaccess file
with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.

* SECURITY: CVE-2012-0021 (cve.mitre.org)
The log_cookie function in mod_log_config.c in the mod_log_config module in the
Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not
properly handle a %{}C format string, which allows remote attackers to cause a
denial of service (daemon crash) via a cookie that lacks both a name and a

(Only the first 15 lines of the commit message are shown above )

- Restore inadvertently removed log renames from previous commit

Noticed by:     sunpoet@
Pointy Hat:     pgollucci@

- Pull r1227293 from httpd svn
  Note, you have to actually uncomment the include for this to take affect
- No PORTREVISION bump since nothing changes by default

PR:             ports/156987
Reported by:    Adrian Dimcev <adimcev@carbonwind.net>
With Hat:       apache@

- Regenerate patch files with make makepatch for they have
  piled up and additional patches conflict.
  This also will help when we try to syncronize www/apache20&www/apache22
- Unconditionally apply the mod_proxy_connect patch, you just may or may
  not actually compile the file to save some logic in Makefile

With Hat:   apache@

Number of commits found: 4

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities