Date: Mon, 12 Dec 2005 20:31:53 +0000 (UTC) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache13-modperl Makefile ports/www/apache13-modperl/files patch-secfix-CAN-2005-3352 ports/www/apache13-ssl Makefile ports/www/apache13-ssl/files patch-secfix-CAN-2005-3352 Message-ID: <200512122031.jBCKVrNn071053@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2005-12-12 20:31:53 UTC FreeBSD ports repository Modified files: www/apache13-modperl Makefile www/apache13-ssl Makefile Added files: www/apache13-modperl/files patch-secfix-CAN-2005-3352 www/apache13-ssl/files patch-secfix-CAN-2005-3352 Log: SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox] Reported by: simon Revision Changes Path 1.11 +1 -0 ports/www/apache13-modperl/Makefile 1.1 +35 -0 ports/www/apache13-modperl/files/patch-secfix-CAN-2005-3352 (new) 1.116 +1 -1 ports/www/apache13-ssl/Makefile 1.1 +35 -0 ports/www/apache13-ssl/files/patch-secfix-CAN-2005-3352 (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512122031.jBCKVrNn071053>