From 4d47efd9bb74ca30f360bccc6d6f740644dbecca Mon Sep 17 00:00:00 2001 From: Olli Hauer Date: Wed, 3 Sep 2014 20:32:11 +0000 Subject: MFH: r367225 - update vid f927e06c-1109-11e4-b090-20cf30e32f6d (httpd-2.2.29 was released today) Approved by: portmgr (erwin@) --- security/vuxml/vuln.xml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index cf650ce6be79..18020f2b6bbc 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -653,29 +653,29 @@ Notes: apache22 - 2.2.02.2.27_6 + 2.2.02.2.29 apache22-event-mpm - 2.2.02.2.27_6 + 2.2.02.2.29 apache22-itk-mpm - 2.2.02.2.27_6 + 2.2.02.2.29 apache22-peruser-mpm - 2.2.02.2.27_6 + 2.2.02.2.29 apache22-worker-mpm - 2.2.02.2.27_6 + 2.2.02.2.29

Apache HTTP SERVER PROJECT reports:

-
+

mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives @@ -689,6 +689,10 @@ Notes: communication with scripts.

Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow.

+

core: HTTP trailers could be used to replace HTTP headers late during + request processing, potentially undoing or otherwise confusing modules + that examined or modified request headers earlier. Adds "MergeTrailers" + directive to restore legacy behavior.

@@ -696,10 +700,12 @@ Notes: CVE-2014-0118 CVE-2014-0231 CVE-2014-0226 + CVE-2013-5704 2014-07-19 2014-07-24 + 2014-09-03 -- cgit v1.2.3
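Review bot: In the first hunk (@@ -653,29 +653,29 @@) the upper bound for all five apache22 packages moves from 2.2.27_6 to 2.2.29, so versions from 2.2.27_6 up to 2.2.29 that the entry previously placed outside the affected range now match it, while the commit message only says that httpd-2.2.29 was released. State in the commit message that the range is widened because CVE-2013-5704 is being folded into this vid, or give CVE-2013-5704 its own entry with the 2.2.29 bound so that the CVEs already listed keep the 2.2.27_6 bound and a user can tell which issue an installed package is actually exposed to.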
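Review bot: In the second hunk (@@ -689,6 +689,10 @@) the added trailers paragraph closes with 'Adds "MergeTrailers" directive to restore legacy behavior.' and nothing in the entry points out that the legacy behavior is the late header replacement the same paragraph describes. Since the paragraph is quoted text, leave it as is, but consider a short remark outside the quote saying that turning the directive on brings that behavior back, so an administrator reading the entry does not take it for part of the fix.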
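Review bot: In the third hunk (@@ -696,10 +700,12 @@) CVE-2013-5704 is appended after CVE-2014-0226 and the first date stays at 2014-07-19, although the new id comes from the 2013 CVE series. If that first date is the entry's discovery date, check that it still holds for the trailers issue, and consider listing the ids in numeric order. The added 2014-09-03 date matches the commit date in the header.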