Date: Thu, 27 Jul 2006 22:30:52 +0200 From: Clement Laforet <clement@FreeBSD.org> To: apache@FreeBSD.org Subject: Fwd: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13-modperl/files patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/apache20 Makefile ports/www/apache20/files p Message-ID: <20060727203052.GA69926@goofy.cultdeadsheep.org>
next in thread | raw e-mail | index | archive | help
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
FYI.
----- Forwarded message from Clement Laforet <clement@FreeBSD.org> -----
=46rom: Clement Laforet <clement@FreeBSD.org>
Date: Thu, 27 Jul 2006 20:26:29 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,
cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13=
-modperl/files
patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile
ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/=
apache20
Makefile ports/www/apache20/files patch-secfix-CVE-2006-3747 ...
clement 2006-07-27 20:26:29 UTC
FreeBSD ports repository
Modified files:
www/apache13-modperl Makefile=20
www/apache13-ssl Makefile=20
www/apache20 Makefile=20
www/apache21 Makefile=20
www/apache22 Makefile=20
Added files:
www/apache13-modperl/files patch-secfix-CVE-2006-3747=20
www/apache13-ssl/files patch-secfix-CVE-2006-3747=20
www/apache20/files patch-secfix-CVE-2006-3747=20
www/apache21/files patch-secfix-CVE-2006-3747=20
www/apache22/files patch-secfix-CVE-2006-3747=20
Log:
- Fix security issue in mod_rewrite.
All people using mod_rewrite are strongly encouraged to update.
=20
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team
=20
Updates to latest versions will follow soon.
=20
Notified by: so@ (simon)
Obtained from: Apache Security Team
Security: CVE-2006-3747
=20
Revision Changes Path
1.15 +1 -0 ports/www/apache13-modperl/Makefile
1.1 +13 -0 ports/www/apache13-modperl/files/patch-secfix-CVE-20=
06-3747 (new)
1.119 +1 -1 ports/www/apache13-ssl/Makefile
1.1 +13 -0 ports/www/apache13-ssl/files/patch-secfix-CVE-2006-3=
747 (new)
1.241 +1 -1 ports/www/apache20/Makefile
1.1 +13 -0 ports/www/apache20/files/patch-secfix-CVE-2006-3747 =
(new)
1.186 +1 -1 ports/www/apache21/Makefile
1.1 +13 -0 ports/www/apache21/files/patch-secfix-CVE-2006-3747 =
(new)
1.195 +1 -0 ports/www/apache22/Makefile
1.1 +13 -0 ports/www/apache22/files/patch-secfix-CVE-2006-3747 =
(new)
--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFEySJ8sRhfjwcjuh0RAsl8AJ9v/JeLoWyjoi+Yj23viBDS5xoAGwCfYksk
JFDuPC07luO687Dnf+nxwzo=
=KlTu
-----END PGP SIGNATURE-----
--VS++wcV0S1rZb1Fb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060727203052.GA69926>