Date: Fri, 16 Aug 2019 14:32:48 +0200 From: Jochen Neumeister <joneum@FreeBSD.org> To: Niclas Zeising <zeising@freebsd.org>, Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, ports-secteam@FreeBSD.org Subject: Re: svn commit: r508943 - head/www/libnghttp2 Message-ID: <c07d2c6d-49d7-86e2-de54-cf0393d3dc70@FreeBSD.org> In-Reply-To: <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org> References: <201908141801.x7EI10Cm083727@repo.freebsd.org> <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 14.08.2019 um 22:11 schrieb Niclas Zeising: > On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote: >> Author: sunpoet >> Date: Wed Aug 14 18:01:00 2019 >> New Revision: 508943 >> URL: https://svnweb.freebsd.org/changeset/ports/508943 >> >> Log: >> Update to 1.39.2 > > This needs a VuXML entry, and should be merged to 2019Q3 branch. > Regards From the Changelog: This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513 “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time so please add a vuxml entry. After that, Approved for 2019Q3. Cheers joneum (ports-secteam)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c07d2c6d-49d7-86e2-de54-cf0393d3dc70>