Date: Tue, 26 Jul 2005 10:10:35 +0000 (UTC) From: Clement Laforet <clement@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/apache2 Makefile ports/www/apache2/files patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088 patch-secfix-ssl_engine_kernel.c ports/www/apache20 Makefile ports/www/apache20/files patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088 patch-secfix-ssl_engine_kernel.c Message-ID: <200507261010.j6QAAZGs015988@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
clement 2005-07-26 10:10:35 UTC FreeBSD ports repository Modified files: www/apache2 Makefile www/apache20 Makefile Added files: www/apache2/files patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088 www/apache20/files patch-secfix-CAN-2005-1268 patch-secfix-CAN-2005-2088 Removed files: www/apache2/files patch-secfix-ssl_engine_kernel.c www/apache20/files patch-secfix-ssl_engine_kernel.c Log: - Add fix for CAN-2005-2088 From Changelog: *) SECURITY: CAN-2005-2088 core: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. [Paul Querna, Joe Orton] - Rename previous patch to CVE ID - bump PORTREVISION Security: CAN-2005-2088 Obtained From: Apache repository Revision Changes Path 1.223 +1 -1 ports/www/apache2/Makefile 1.1 +11 -0 ports/www/apache2/files/patch-secfix-CAN-2005-1268 (new) 1.1 +20 -0 ports/www/apache2/files/patch-secfix-CAN-2005-2088 (new) 1.2 +0 -11 ports/www/apache2/files/patch-secfix-ssl_engine_kernel.c (dead) 1.221 +1 -1 ports/www/apache20/Makefile 1.1 +11 -0 ports/www/apache20/files/patch-secfix-CAN-2005-1268 (new) 1.1 +20 -0 ports/www/apache20/files/patch-secfix-CAN-2005-2088 (new) 1.2 +0 -11 ports/www/apache20/files/patch-secfix-ssl_engine_kernel.c (dead)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507261010.j6QAAZGs015988>