From owner-freebsd-apache@FreeBSD.ORG Thu Jul 27 20:30:55 2006 Return-Path: X-Original-To: apache@FreeBSD.org Delivered-To: freebsd-apache@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3D5116A504 for ; Thu, 27 Jul 2006 20:30:55 +0000 (UTC) (envelope-from clement@FreeBSD.org) Received: from goofy.cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72]) by mx1.FreeBSD.org (Postfix) with SMTP id 9BF1543D49 for ; Thu, 27 Jul 2006 20:30:53 +0000 (GMT) (envelope-from clement@FreeBSD.org) Received: (qmail 74374 invoked by uid 1000); 27 Jul 2006 22:30:52 +0200 Date: Thu, 27 Jul 2006 22:30:52 +0200 From: Clement Laforet To: apache@FreeBSD.org Message-ID: <20060727203052.GA69926@goofy.cultdeadsheep.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline User-Agent: Mutt/1.5.10i Cc: Subject: Fwd: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13-modperl/files patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/apache20 Makefile ports/www/apache20/files p X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2006 20:30:55 -0000 --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable FYI. ----- Forwarded message from Clement Laforet ----- =46rom: Clement Laforet Date: Thu, 27 Jul 2006 20:26:29 +0000 (UTC) To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13= -modperl/files patch-secfix-CVE-2006-3747 ports/www/apache13-ssl Makefile ports/www/apache13-ssl/files patch-secfix-CVE-2006-3747 ports/www/= apache20 Makefile ports/www/apache20/files patch-secfix-CVE-2006-3747 ... clement 2006-07-27 20:26:29 UTC FreeBSD ports repository Modified files: www/apache13-modperl Makefile=20 www/apache13-ssl Makefile=20 www/apache20 Makefile=20 www/apache21 Makefile=20 www/apache22 Makefile=20 Added files: www/apache13-modperl/files patch-secfix-CVE-2006-3747=20 www/apache13-ssl/files patch-secfix-CVE-2006-3747=20 www/apache20/files patch-secfix-CVE-2006-3747=20 www/apache21/files patch-secfix-CVE-2006-3747=20 www/apache22/files patch-secfix-CVE-2006-3747=20 Log: - Fix security issue in mod_rewrite. All people using mod_rewrite are strongly encouraged to update. =20 An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team =20 Updates to latest versions will follow soon. =20 Notified by: so@ (simon) Obtained from: Apache Security Team Security: CVE-2006-3747 =20 Revision Changes Path 1.15 +1 -0 ports/www/apache13-modperl/Makefile 1.1 +13 -0 ports/www/apache13-modperl/files/patch-secfix-CVE-20= 06-3747 (new) 1.119 +1 -1 ports/www/apache13-ssl/Makefile 1.1 +13 -0 ports/www/apache13-ssl/files/patch-secfix-CVE-2006-3= 747 (new) 1.241 +1 -1 ports/www/apache20/Makefile 1.1 +13 -0 ports/www/apache20/files/patch-secfix-CVE-2006-3747 = (new) 1.186 +1 -1 ports/www/apache21/Makefile 1.1 +13 -0 ports/www/apache21/files/patch-secfix-CVE-2006-3747 = (new) 1.195 +1 -0 ports/www/apache22/Makefile 1.1 +13 -0 ports/www/apache22/files/patch-secfix-CVE-2006-3747 = (new) --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFEySJ8sRhfjwcjuh0RAsl8AJ9v/JeLoWyjoi+Yj23viBDS5xoAGwCfYksk JFDuPC07luO687Dnf+nxwzo= =KlTu -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb--