Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 27 Jul 2006 22:30:52 +0200
From:      Clement Laforet <clement@FreeBSD.org>
To:        apache@FreeBSD.org
Subject:   Fwd: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13-modperl/files patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/apache20 Makefile ports/www/apache20/files p
Message-ID:  <20060727203052.GA69926@goofy.cultdeadsheep.org>
index | next in thread | raw e-mail 

[-- Attachment #1 --]
FYI.

----- Forwarded message from Clement Laforet <clement@FreeBSD.org> -----

From: Clement Laforet <clement@FreeBSD.org>
Date: Thu, 27 Jul 2006 20:26:29 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13-modperl/files
         patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile
         ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/apache20
         Makefile ports/www/apache20/files patch-secfix-CVE-2006-3747 ...

clement     2006-07-27 20:26:29 UTC

  FreeBSD ports repository

  Modified files:
    www/apache13-modperl Makefile 
    www/apache13-ssl     Makefile 
    www/apache20         Makefile 
    www/apache21         Makefile 
    www/apache22         Makefile 
  Added files:
    www/apache13-modperl/files patch-secfix-CVE-2006-3747 
    www/apache13-ssl/files patch-secfix-CVE-2006-3747 
    www/apache20/files   patch-secfix-CVE-2006-3747 
    www/apache21/files   patch-secfix-CVE-2006-3747 
    www/apache22/files   patch-secfix-CVE-2006-3747 
  Log:
  - Fix security issue in mod_rewrite.
  All people using mod_rewrite are strongly encouraged to update.
  
  An off-by-one flaw exists in the Rewrite module, mod_rewrite.
  Depending on the manner in which Apache httpd was compiled, this
  software defect may result in a vulnerability which, in combination
  with certain types of Rewrite rules in the web server configuration
  files, could be triggered remotely.  For vulnerable builds, the nature
  of the vulnerability can be denial of service (crashing of web server
  processes) or potentially allow arbitrary code execution.
  This issue has been rated as having important security impact
  by the Apache HTTP Server Security Team
  
  Updates to latest versions will follow soon.
  
  Notified by:    so@ (simon)
  Obtained from:  Apache Security Team
  Security:       CVE-2006-3747
  
  Revision  Changes    Path
  1.15      +1 -0      ports/www/apache13-modperl/Makefile
  1.1       +13 -0     ports/www/apache13-modperl/files/patch-secfix-CVE-2006-3747 (new)
  1.119     +1 -1      ports/www/apache13-ssl/Makefile
  1.1       +13 -0     ports/www/apache13-ssl/files/patch-secfix-CVE-2006-3747 (new)
  1.241     +1 -1      ports/www/apache20/Makefile
  1.1       +13 -0     ports/www/apache20/files/patch-secfix-CVE-2006-3747 (new)
  1.186     +1 -1      ports/www/apache21/Makefile
  1.1       +13 -0     ports/www/apache21/files/patch-secfix-CVE-2006-3747 (new)
  1.195     +1 -0      ports/www/apache22/Makefile
  1.1       +13 -0     ports/www/apache22/files/patch-secfix-CVE-2006-3747 (new)

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFEySJ8sRhfjwcjuh0RAsl8AJ9v/JeLoWyjoi+Yj23viBDS5xoAGwCfYksk
JFDuPC07luO687Dnf+nxwzo=
=KlTu
-----END PGP SIGNATURE-----
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060727203052.GA69926>