Date: Mon, 3 Jun 2013 06:51:43 +0000 (UTC) From: Marcelo Araujo <araujo@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r319757 - in head: security/vuxml www/mod_security Message-ID: <201306030651.r536phoK057957@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: araujo Date: Mon Jun 3 06:51:43 2013 New Revision: 319757 URL: http://svnweb.freebsd.org/changeset/ports/319757 Log: - Update to 2.7.4. More info: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES PR: ports/179167 Submitted by: ohauer@ Security: 9dfb63b8-8f36-11e2-b34d-000c2957946c Modified: head/security/vuxml/vuln.xml head/www/mod_security/Makefile head/www/mod_security/distinfo Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Jun 3 06:47:55 2013 (r319756) +++ head/security/vuxml/vuln.xml Mon Jun 3 06:51:43 2013 (r319757) @@ -51,6 +51,35 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9dfb63b8-8f36-11e2-b34d-000c2957946c"> + <topic>www/mod_security -- NULL pointer dereference DoS</topic> + <affects> + <package> + <name>mod_security</name> + <range><lt>2.7.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/archive/1/526746"> + <p>When ModSecurity receives a request body with a size bigger than the + value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" + that has no request body processor mapped to it, ModSecurity will + systematically crash on every call to "forceRequestBodyVariable".</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-2765</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765</url> + </references> + <dates> + <discovery>2013-05-27</discovery> + <entry>2013-06-03</entry> + </dates> + </vuln> + <vuln vid="1225549f-ca91-11e2-b3b8-f0def16c5c1b"> <topic>passenger -- security vulnerability</topic> <affects> Modified: head/www/mod_security/Makefile ============================================================================== --- head/www/mod_security/Makefile Mon Jun 3 06:47:55 2013 (r319756) +++ head/www/mod_security/Makefile Mon Jun 3 06:51:43 2013 (r319757) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= mod_security -PORTVERSION= 2.7.3 +PORTVERSION= 2.7.4 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} Modified: head/www/mod_security/distinfo ============================================================================== --- head/www/mod_security/distinfo Mon Jun 3 06:47:55 2013 (r319756) +++ head/www/mod_security/distinfo Mon Jun 3 06:51:43 2013 (r319757) @@ -1,2 +1,2 @@ -SHA256 (modsecurity-apache_2.7.3.tar.gz) = fa5b0a2fabe9cd6c7b35ae09a433a60da183b2cabcf26479ec40fc4a419693e4 -SIZE (modsecurity-apache_2.7.3.tar.gz) = 981947 +SHA256 (modsecurity-apache_2.7.4.tar.gz) = 605d6f1b03e648001ef1c7db7b18d51c01edd443b57cbbd4e298770ffdcd0eb9 +SIZE (modsecurity-apache_2.7.4.tar.gz) = 1014983
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306030651.r536phoK057957>