Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Aug 2004 21:40:42 +0200
From:      Clement Laforet <sheepkiller@cultdeadsheep.org>
To:        apache@FreeBSD.org
Subject:   Fw: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c
Message-ID:  <20040818214042.29ce32c0.sheepkiller@cultdeadsheep.org>
next in thread | raw e-mail | index | archive | help 
--Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

FYI,

Begin forwarded message:

Date: Wed, 18 Aug 2004 19:40:07 +0000 (UTC)
From: Clement Laforet <clement@FreeBSD.org>
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c


clement     2004-08-18 19:40:07 UTC

  FreeBSD ports repository

  Modified files:
    www/apache2          Makefile 
  Added files:
    www/apache2/files    patch-secfix-modules:ssl:ssl_engine_io.c 
  Log:
  - Backport security fixes in ssl_engine_io.c
  
  * [SECURITY] mod_ssl: Fix potential input filter segfaults in
    SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
    "This issue has possible security implications; it's been assigned CVE
    CAN-2004-0751 (cve.mitre.org)."
    http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
  
  * [SECURITY] mod_ssl: Fix potential infinite loop.
    (potential infinite loop in ssl_io_input_getline if connection is
    aborted without inctx->rc being set.)
    http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
    http://issues.apache.org/bugzilla/show_bug.cgi?id=29690
  
  Obtained from:  Apache CVS (httpd-2.0 HEAD)
  
  Revision  Changes    Path
  1.197     +1 -1      ports/www/apache2/Makefile
  1.1       +34 -0     ports/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c (new)



--Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBI7C9sRhfjwcjuh0RAr0fAKC8nWsagSlVJD/wAOpHnOIp48ai+gCgiBAa
60mi7PsehwRphKH5nxglCGc=
=889w
-----END PGP SIGNATURE-----

--Signature=_Wed__18_Aug_2004_21_40_42_+0200_oyjL9aARtrcaZM1W--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818214042.29ce32c0.sheepkiller>