From owner-freebsd-apache@freebsd.org  Tue Dec  6 12:04:09 2016
Return-Path: <owner-freebsd-apache@freebsd.org>
Delivered-To: freebsd-apache@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8861EC6A8FF
 for <freebsd-apache@mailman.ysv.freebsd.org>;
 Tue,  6 Dec 2016 12:04:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 71FB9D5E
 for <freebsd-apache@freebsd.org>; Tue,  6 Dec 2016 12:04:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 7155EC6A8FE; Tue,  6 Dec 2016 12:04:09 +0000 (UTC)
Delivered-To: apache@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70F76C6A8FD
 for <apache@mailman.ysv.freebsd.org>; Tue,  6 Dec 2016 12:04:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 60665D5D
 for <apache@FreeBSD.org>; Tue,  6 Dec 2016 12:04:09 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id uB6C49In017214
 for <apache@FreeBSD.org>; Tue, 6 Dec 2016 12:04:09 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: apache@FreeBSD.org
Subject: [Bug 215096] www/apache24: Fix HTTP/2 DoS vulnerability
Date: Tue, 06 Dec 2016 12:04:09 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: patch, security
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: ohauer@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: apache@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback? merge-quarterly?
X-Bugzilla-Changed-Fields: bug_status cc
Message-ID: <bug-215096-16115-QsHo4HdGKK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-215096-16115@https.bugs.freebsd.org/bugzilla/>
References: <bug-215096-16115@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-apache@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Support of apache-related ports  <freebsd-apache.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-apache>, 
 <mailto:freebsd-apache-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-apache/>
List-Post: <mailto:freebsd-apache@freebsd.org>
List-Help: <mailto:freebsd-apache-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-apache>,
 <mailto:freebsd-apache-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Dec 2016 12:04:09 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215096

Olli Hauer <ohauer@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |ohauer@FreeBSD.org

--- Comment #1 from Olli Hauer <ohauer@FreeBSD.org> ---
Hi Bernhard,

I've read about the CVE note this morning in the train, but have not time to
test until weekend ..
If the build is OK, please go on and commit the patch!

Since http2 is off by default, I'm not sure if we need PORTREV. bump and MF=
H,
but without I see no way to handle the vuxml entry ...

--=20
You are receiving this mail because:
You are the assignee for the bug.=