Date: Wed, 18 Aug 2004 19:40:07 +0000 (UTC) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c Message-ID: <200408181940.i7IJe7PO092410@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2004-08-18 19:40:07 UTC
FreeBSD ports repository
Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c
Log:
- Backport security fixes in ssl_engine_io.c
* [SECURITY] mod_ssl: Fix potential input filter segfaults in
SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
"This issue has possible security implications; it's been assigned CVE
CAN-2004-0751 (cve.mitre.org)."
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
* [SECURITY] mod_ssl: Fix potential infinite loop.
(potential infinite loop in ssl_io_input_getline if connection is
aborted without inctx->rc being set.)
http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
http://issues.apache.org/bugzilla/show_bug.cgi?id=29690
Obtained from: Apache CVS (httpd-2.0 HEAD)
Revision Changes Path
1.197 +1 -1 ports/www/apache2/Makefile
1.1 +34 -0 ports/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408181940.i7IJe7PO092410>