From owner-svn-ports-head@freebsd.org Fri Aug 16 18:40:33 2019 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D92B7AB59D for ; Fri, 16 Aug 2019 18:40:33 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 469Bw15RNfz4cCr for ; Fri, 16 Aug 2019 18:40:33 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: sunpoet) by smtp.freebsd.org (Postfix) with ESMTPSA id 88778102FC for ; Fri, 16 Aug 2019 18:40:33 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: by mail-ed1-f47.google.com with SMTP id p28so5961666edi.3 for ; Fri, 16 Aug 2019 11:40:33 -0700 (PDT) X-Gm-Message-State: APjAAAV3FlL18SVTxa0SzKgnPpBoI2qpI0P+VGg6+0MSWUqSaForpW2K l9Swswc/WrrPkxy6MMPQ6XTTtcMQVdF9uKf4pZlgcg== X-Google-Smtp-Source: APXvYqxh59hu/zf7GxE5KZwi3f4FpjTUYh+5a1gJEE+mbqbQJD0CdcAz9ZlhQCZbhxblfb05tgsFqzaGqrPqmrgbmwA= X-Received: by 2002:a50:8974:: with SMTP id f49mr12287780edf.95.1565980832588; Fri, 16 Aug 2019 11:40:32 -0700 (PDT) MIME-Version: 1.0 References: <201908141801.x7EI10Cm083727@repo.freebsd.org> In-Reply-To: From: Po-Chuan Hsieh Date: Sat, 17 Aug 2019 02:39:56 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r508943 - head/www/libnghttp2 To: Jochen Neumeister , Niclas Zeising Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, FreeBSD Ports Security Team Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Aug 2019 18:40:33 -0000 On Fri, Aug 16, 2019 at 8:32 PM Jochen Neumeister wrote: > > Am 14.08.2019 um 22:11 schrieb Niclas Zeising: > > On 2019-08-14 20:01, Sunpoet Po-Chuan Hsieh wrote: > >> Author: sunpoet > >> Date: Wed Aug 14 18:01:00 2019 > >> New Revision: 508943 > >> URL: https://svnweb.freebsd.org/changeset/ports/508943 > >> > >> Log: > >> Update to 1.39.2 > > > > This needs a VuXML entry, and should be merged to 2019Q3 branch. > > Regards > > > From the Changelog: > > This release fixes CVE-2019-9511 =E2=80=9CData Dribble=E2=80=9D and CVE-2= 019-9513 > =E2=80=9CResource Loop=E2=80=9D vulnerability in nghttpx and nghttpd. Spe= cially crafted > HTTP/2 > frames cause Denial of Service by consuming CPU time > > > so please add a vuxml entry. > > After that, Approved for 2019Q3. > FYI, vuxml entry was added in 509113. The update was MFH'd in r509118. > > Cheers > joneum (ports-secteam) > >