Date: Sun, 14 Feb 2010 11:59:48 GMT
From: Andrei Lavreniyuk <andy.lavr@reactor-xg.kiev.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/143932: [UPDATE] ports/www/mod_security to version v2.5.12
Message-ID: <201002141159.o1EBxmJL093761@www.freebsd.org>
Resent-Message-ID: <201002141405.o1EE56MK041107@freefall.freebsd.org>
>Number: 143932
>Category: ports
>Synopsis: [UPDATE] ports/www/mod_security to version v2.5.12
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 14 14:05:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Andrei Lavreniyuk
>Release: FreeBSD 8.0-STABLE
>Organization: Technica-03, Inc.
>Environment:
FreeBSD datacenter.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Feb 13 11:01:53 EET 2010 root@datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64 amd64
>Description:
Please update ports/www/mod_security to version v2.5.12
_____________________________________________________________

http://www.modsecurity.org/ of version v2.5.12:

http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.5.12/CHANGES_2.5.12.txt/download

More details from the SVN log:

* r1488 | b1v1r | 2010-02-05 19:38:56 +0100 (Fri, 05 Feb 2010) | 1 line
  Cleanup path normalization routine and add some further regression tests (MODSEC-123).

* r1487 | b1v1r | 2010-02-05 19:26:43 +0100 (Fri, 05 Feb 2010) | 1 line
  Fixed SecUploadFileMode to set the correct mode (MODSEC-129).

* r1486 | b1v1r | 2010-02-05 19:24:44 +0100 (Fri, 05 Feb 2010) | 1 line
  Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions (MODSEC-78, MODSEC-130)

* r1479 | b1v1r | 2010-02-05 19:15:31 +0100 (Fri, 05 Feb 2010) | 1 line
  Added SecUploadFileLimit (MODSEC-116).

* r1478 | b1v1r | 2010-02-05 19:14:08 +0100 (Fri, 05 Feb 2010) | 1 line
  Rewrote path normalization routine (MODSEC-123).

* r1476 | b1v1r | 2010-02-05 19:12:53 +0100 (Fri, 05 Feb 2010) | 1 line
  Trim whitespace around phrases used with @pmFromFile and allow for both LF and CRLF terminated lines (MODSEC-126).

* r1474 | b1v1r | 2010-02-05 19:11:36 +0100 (Fri, 05 Feb 2010) | 1 line
  Allow for more robust parsing for multipart header folding. Reported by Sogeti/ESEC R&D (MODSEC-118).
  Added additional multipart regression tests.

* r1472 | b1v1r | 2010-02-05 19:09:19 +0100 (Fri, 05 Feb 2010) | 1 line
  Added PCRE limits and studying by default to help alleviate REDoS reported by Sogeti/ESEC R&D (MODSEC-119).

* r1471 | b1v1r | 2010-02-05 19:07:56 +0100 (Fri, 05 Feb 2010) | 1 line
  Fixed memory leak in v1 cookie parser reported by Sogeti/ESEC R&D (MODSEC-121).

Further references:

http://secunia.com/advisories/38460/
http://freshmeat.net/projects/modsecurity/releases/312017

CVE Request:

http://www.openwall.com/lists/oss-security/2010/02/10/2
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: