author Olli Hauer <ohauer@FreeBSD.org> 2014-09-03 20:32:11 +0000
committer Olli Hauer <ohauer@FreeBSD.org> 2014-09-03 20:32:11 +0000
commit 4d47efd9bb74ca30f360bccc6d6f740644dbecca (patch)
tree a43b3edffe93c4bcf36ea6d6b624a1d3afd2848a
parent 1553ab42003e3a1b5b08f63bbbe2c35a4ba0b935 (diff)
MFH: r367225
- update vid f927e06c-1109-11e4-b090-20cf30e32f6d (httpd-2.2.29 was released today)
Approved by: portmgr (erwin@)
Notes: svn path=/branches/2014Q3/; revision=367232
-rw-r--r-- security/vuxml/vuln.xml 18
1 files changed, 12 insertions, 6 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index cf650ce6be79..18020f2b6bbc 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -653,29 +653,29 @@ Notes:
<affects>
<package>
<name>apache22</name>
- <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+ <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-event-mpm</name>
- <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+ <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-itk-mpm</name>
- <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+ <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-peruser-mpm</name>
- <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+ <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-worker-mpm</name>
- <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>
+ <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache HTTP SERVER PROJECT reports:</p>
- <blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?revision=1611816&amp;view=markup">
+ <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.29">
<p> mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of service via highly compressed bodies. See directives
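Review bot: The new upper bound `<lt>2.2.29</lt>` on all five apache22 packages marks 2.2.27_6 as vulnerable again, although the previous bound `<lt>2.2.27_6</lt>` treated that port revision as fixed. The commit message only says that httpd-2.2.29 was released, so please state in the log which of the issues in this entry is still open in 2.2.27_6, or put the newly covered issue in its own vid so the earlier fixes keep their original bound. Otherwise users who already updated get a renewed audit warning with no explanation. It is also worth confirming that the strict `<gt>2.2.0</gt>` lower bound, which excludes 2.2.0 itself, is intended.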
@@ -689,6 +689,10 @@ Notes:
communication with scripts.</p>
<p>Fix a race condition in scoreboard handling, which could lead to a heap
buffer overflow.</p>
+ <p>core: HTTP trailers could be used to replace HTTP headers late during
+ request processing, potentially undoing or otherwise confusing modules
+ that examined or modified request headers earlier. Adds "MergeTrailers"
+ directive to restore legacy behavior.</p>
</blockquote>
</body>
</description>
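Review bot: The added trailers paragraph ends with `Adds "MergeTrailers" directive to restore legacy behavior`, which in a vulnerability entry can be misread as the directive being the remedy. Since the text sits inside the upstream blockquote it should stay verbatim, so I suggest a short unquoted `<p>` after `</blockquote>` saying that the fixed behaviour is the default and that enabling MergeTrailers brings back the header replacement described here. Please also check that the whole quoted block still matches the newly cited CHANGES_2.2.29 file, since the earlier paragraphs were taken from a different source URL.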
@@ -696,10 +700,12 @@ Notes:
<cvename>CVE-2014-0118</cvename>
<cvename>CVE-2014-0231</cvename>
<cvename>CVE-2014-0226</cvename>
+ <cvename>CVE-2013-5704</cvename>
</references>
<dates>
<discovery>2014-07-19</discovery>
<entry>2014-07-24</entry>
+ <modified>2014-09-03</modified>
</dates>
</vuln>
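Review bot: `<discovery>2014-07-19</discovery>` is left unchanged while `<cvename>CVE-2013-5704</cvename>` is added, and a 2013 identifier suggests the trailers issue was known well before that date. Either confirm that the discovery date is meant to describe only the original set of issues, or move CVE-2013-5704 into a separate entry with its own dates. The `<modified>2014-09-03</modified>` line matches the commit date and looks right.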