Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Aug 2019 14:32:48 +0200
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        Niclas Zeising <zeising@freebsd.org>, Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, ports-secteam@FreeBSD.org
Subject:   Re: svn commit: r508943 - head/www/libnghttp2
Message-ID:  <c07d2c6d-49d7-86e2-de54-cf0393d3dc70@FreeBSD.org>
In-Reply-To: <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org>
References:  <201908141801.x7EI10Cm083727@repo.freebsd.org> <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help

Am 14.08.2019 um 22:11 schrieb Niclas Zeising:
> On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote:
>> Author: sunpoet
>> Date: Wed Aug 14 18:01:00 2019
>> New Revision: 508943
>> URL: https://svnweb.freebsd.org/changeset/ports/508943
>>
>> Log:
>>    Update to 1.39.2
>
> This needs a VuXML entry, and should be merged to 2019Q3 branch.
> Regards


 From the Changelog:

This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted 
HTTP/2
frames cause Denial of Service by consuming CPU time


so please add a vuxml entry.

After that, Approved for 2019Q3.


Cheers
joneum (ports-secteam)




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c07d2c6d-49d7-86e2-de54-cf0393d3dc70>