Date: Wed, 23 Jan 2019 14:37:44 +0000 (UTC) From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r491040 - head/security/vuxml Message-ID: <201901231437.x0NEbiNU010956@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: joneum Date: Wed Jan 23 14:37:44 2019 New Revision: 491040 URL: https://svnweb.freebsd.org/changeset/ports/491040 Log: Add entry for www/apache24 Sponsored by: Netzkommune GmbH Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jan 23 14:25:24 2019 (r491039) +++ head/security/vuxml/vuln.xml Wed Jan 23 14:37:44 2019 (r491040) @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="eb888ce5-1f19-11e9-be05-4c72b94353b5"> + <topic>Apache -- vulnerability</topic> + <affects> + <package> + <name>apache24</name> + <range><lt>2.4.38</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Apache httpd Project reports:</p> + <blockquote cite="http://httpd.apache.org/security/vulnerabilities_24.html">; + <p>SECURITY: CVE-2018-17199 + mod_session: mod_session_cookie does not respect expiry time allowing + sessions to be reused.</p> + <p>SECURITY: CVE-2019-0190 + mod_ssl: Fix infinite loop triggered by a client-initiated + renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and + later. PR 63052.</p> + <p>SECURITY: CVE-2018-17189 + mod_http2: fixes a DoS attack vector. By sending slow request bodies + to resources not consuming them, httpd cleanup code occupies a server + thread unnecessarily. This was changed to an immediate stream reset + which discards all stream state and incoming data.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.apache.org/dist/httpd/CHANGES_2.4.38</url>; + <url>http://httpd.apache.org/security/vulnerabilities_24.html</url>; + <cvename>CVE-2018-17199</cvename> + <cvename>CVE-2018-17189</cvename> + <cvename>CVE-2019-0190</cvename> + </references> + <dates> + <discovery>2019-01-22</discovery> + <entry>2019-01-23</entry> + </dates> + </vuln> + <vuln vid="4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2"> <topic>www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901231437.x0NEbiNU010956>