Date: Sat, 17 Aug 2019 02:39:56 +0800 From: Po-Chuan Hsieh <sunpoet@freebsd.org> To: Jochen Neumeister <joneum@freebsd.org>, Niclas Zeising <zeising@freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, FreeBSD Ports Security Team <ports-secteam@freebsd.org> Subject: Re: svn commit: r508943 - head/www/libnghttp2 Message-ID: <CAMHz58RXk1iQm423phQr%2Bo=VouTT6mXaiv_EKOJYE9Gn0YjLJw@mail.gmail.com> In-Reply-To: <c07d2c6d-49d7-86e2-de54-cf0393d3dc70@FreeBSD.org> References: <201908141801.x7EI10Cm083727@repo.freebsd.org> <a7de1972-1b4d-5f24-b636-d829e11b4cac@freebsd.org> <c07d2c6d-49d7-86e2-de54-cf0393d3dc70@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 16, 2019 at 8:32 PM Jochen Neumeister <joneum@freebsd.org> wrote: > > Am 14.08.2019 um 22:11 schrieb Niclas Zeising: > > On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote: > >> Author: sunpoet > >> Date: Wed Aug 14 18:01:00 2019 > >> New Revision: 508943 > >> URL: https://svnweb.freebsd.org/changeset/ports/508943 > >> > >> Log: > >> Update to 1.39.2 > > > > This needs a VuXML entry, and should be merged to 2019Q3 branch. > > Regards > > > From the Changelog: > > This release fixes CVE-2019-9511 =E2=80=9CData Dribble=E2=80=9D and CVE-2= 019-9513 > =E2=80=9CResource Loop=E2=80=9D vulnerability in nghttpx and nghttpd. Spe= cially crafted > HTTP/2 > frames cause Denial of Service by consuming CPU time > > > so please add a vuxml entry. > > After that, Approved for 2019Q3. > FYI, vuxml entry was added in 509113. The update was MFH'd in r509118. > > Cheers > joneum (ports-secteam) > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMHz58RXk1iQm423phQr%2Bo=VouTT6mXaiv_EKOJYE9Gn0YjLJw>