Current status

Number of commits found XX: 2

- update to version 2.2.24
- move mpm itk patches to itk-mpm/files dir
- add sshd to REQUIRE line in the rc script to prevent boot
  issues in case a SSL cert is password protected [1]

Changes with Apache 2.2.24
 SECURITY: CVE-2012-3499 (cve.mitre.org) Various XSS flaws due to
 unescaped hostnames and URIs HTML output in mod_info, mod_status,
 mod_imagemap, mod_ldap, and mod_proxy_ftp.  [Jim Jagielski, Stefan
 Fritsch, Niels Heinen <heinenn google com>]

 SECURITY: CVE-2012-4558 (cve.mitre.org)
 XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
 Niels Heinen <heinenn google com>]

(Only the first 15 lines of the commit message are shown above )

 - update Apache 2 ITK MPM patch to version 20110321-01 [1]
 - add additional patch for mpm-itk [2]
 - add mod_substitute to apache22 [3]
 - add some documentation into the mpm-itk* patches
 - bump portrevision

 Changes:
 [1] apache2.2-mpm-itk 2.2.17-01, released 2011-03-21:
  * Fixed CVE-2011-1176: If NiceValue was set, the default with no
    AssignUserID was to run as root:root instead of the default Apache user
    and group, due to the configuration merger having an incorrect default
    configuration.
  * Rebase against Apache 2.2.17.
  * Fix an issue where users can sometimes get spurious 403s on persistent
    connections, if the .htaccess files are not world readable.

(Only the first 15 lines of the commit message are shown above )

Number of commits found XX: 2

10 vulnerabilities affecting 79 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2021-03-05 21:21:29