Date: Wed, 18 Aug 2004 21:40:42 +0200 From: Clement Laforet <sheepkiller@cultdeadsheep.org> To: apache@FreeBSD.org Subject: Fw: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c Message-ID: <20040818214042.29ce32c0.sheepkiller@cultdeadsheep.org>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
FYI,
Begin forwarded message:
Date: Wed, 18 Aug 2004 19:40:07 +0000 (UTC)
From: Clement Laforet <clement@FreeBSD.org>
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c
clement 2004-08-18 19:40:07 UTC
FreeBSD ports repository
Modified files:
www/apache2 Makefile
Added files:
www/apache2/files patch-secfix-modules:ssl:ssl_engine_io.c
Log:
- Backport security fixes in ssl_engine_io.c
* [SECURITY] mod_ssl: Fix potential input filter segfaults in
SPECULATIVE mode. (rollback handling for AP_MODE_SPECULATIVE)
"This issue has possible security implications; it's been assigned CVE
CAN-2004-0751 (cve.mitre.org)."
http://issues.apache.org/bugzilla/show_bug.cgi?id=30134
* [SECURITY] mod_ssl: Fix potential infinite loop.
(potential infinite loop in ssl_io_input_getline if connection is
aborted without inctx->rc being set.)
http://issues.apache.org/bugzilla/show_bug.cgi?id=27945
http://issues.apache.org/bugzilla/show_bug.cgi?id=29690
Obtained from: Apache CVS (httpd-2.0 HEAD)
Revision Changes Path
1.197 +1 -1 ports/www/apache2/Makefile
1.1 +34 -0 ports/www/apache2/files/patch-secfix-modules:ssl:ssl_engine_io.c (new)
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)
iD8DBQFBI7C9sRhfjwcjuh0RAr0fAKC8nWsagSlVJD/wAOpHnOIp48ai+gCgiBAa
60mi7PsehwRphKH5nxglCGc=
=889w
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818214042.29ce32c0.sheepkiller>