From owner-svn-ports-head@freebsd.org  Fri Aug 16 12:32:55 2019
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 534B0CB091;
 Fri, 16 Aug 2019 12:32:55 +0000 (UTC)
 (envelope-from joneum@FreeBSD.org)
Received: from toco-domains.de (mail.toco-domains.de
 [IPv6:2a01:4f8:151:4202::3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4692lp5cXpz4CXv;
 Fri, 16 Aug 2019 12:32:54 +0000 (UTC)
 (envelope-from joneum@FreeBSD.org)
Received: by toco-domains.de (Postfix, from userid 65534)
 id CADC9B29D9; Fri, 16 Aug 2019 14:32:51 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on toco-mail
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=4.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=ham autolearn_force=no version=3.4.2
Received: from [172.31.21.114] (visusmail.visus-tt.com [212.23.146.170])
 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by toco-domains.de (Postfix) with ESMTPSA id 12A4CB29CD;
 Fri, 16 Aug 2019 14:32:49 +0200 (CEST)
Subject: Re: svn commit: r508943 - head/www/libnghttp2
To: Niclas Zeising <zeising@freebsd.org>,
 Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>, ports-committers@freebsd.org,
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org,
 ports-secteam@FreeBSD.org
References: <201908141801.x7EI10Cm083727@repo.freebsd.org>
 <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org>
From: Jochen Neumeister <joneum@FreeBSD.org>
Message-ID: <c07d2c6d-49d7-86e2-de54-cf0393d3dc70@FreeBSD.org>
Date: Fri, 16 Aug 2019 14:32:48 +0200
MIME-Version: 1.0
In-Reply-To: <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-WatchGuard-AntiVirus: part scanned. clean action=allow
X-Rspamd-Queue-Id: 4692lp5cXpz4CXv
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-2.89 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_LONG(-1.00)[-0.999,0];
 NEURAL_HAM_SHORT(-0.89)[-0.891,0];
 ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Aug 2019 12:32:55 -0000


Am 14.08.2019 um 22:11 schrieb Niclas Zeising:
> On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote:
>> Author: sunpoet
>> Date: Wed Aug 14 18:01:00 2019
>> New Revision: 508943
>> URL: https://svnweb.freebsd.org/changeset/ports/508943
>>
>> Log:
>>    Update to 1.39.2
>
> This needs a VuXML entry, and should be merged to 2019Q3 branch.
> Regards


 From the Changelog:

This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted 
HTTP/2
frames cause Denial of Service by consuming CPU time


so please add a vuxml entry.

After that, Approved for 2019Q3.


Cheers
joneum (ports-secteam)