Date: Thu, 22 Dec 2016 18:47:08 +0000 (UTC)
From: Bernard Spil <brnrd@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r429174 - head/security/vuxml
Message-ID: <201612221847.uBMIl8G1084165@repo.freebsd.org>
Author: brnrd Date: Thu Dec 22 18:47:08 2016 New Revision: 429174 URL: https://svnweb.freebsd.org/changeset/ports/429174 Log: security/vuxml: Add severity to recent Apache vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Dec 22 18:08:45 2016 (r429173) +++ head/security/vuxml/vuln.xml Thu Dec 22 18:47:08 2016 (r429174) @@ -400,7 +400,7 @@ Notes: <p>Apache Software Foundation reports:</p> <blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html"> <ul> - <li>TBD: Apache HTTP Request Parsing Whitespace Defects CVE-2016-8743<br/> + <li>Important: Apache HTTP Request Parsing Whitespace Defects CVE-2016-8743<br/> Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and @@ -459,7 +459,7 @@ Notes: padding oracle attack.<br/> </li> </ul><ul> - <li>n/a: HTTP/2 CONTINUATION denial of service CVE-2016-8740<br/> + <li>low: HTTP/2 CONTINUATION denial of service CVE-2016-8740<br/> The HTTP/2 protocol implementation (mod_http2) had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, @@ -488,6 +488,7 @@ Notes: <dates> <discovery>2016-12-20</discovery> <entry>2016-12-21</entry> + <modified>2016-12-22</modified> </dates> </vuln>
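Review bot: The severity label in the first hunk (@@ -400,7) is capitalized as "Important:" while the label added in the second hunk (@@ -459,7) of the same entry is lowercase "low:". Use one casing for both so that the labels inside this blockquote read consistently and a text search for a severity level matches every item.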
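Review bot: The "low:" label in the second hunk (@@ -459,7), like "Important:" in the first, is inserted inside the blockquote that cites http://httpd.apache.org/security/vulnerabilities_24.html, so it is presented as Apache's own wording, yet the log message does not say where the ratings came from. Add a short note to the log naming the source of the severities, and confirm that the other list items in this entry (for example the padding oracle item visible in the context lines) do not still carry a placeholder such as "TBD" or "n/a".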