pkgsrc.se | The NetBSD package collection

Next | Query returned 1 messages, browsing 1 to 10 | previous

CVS Commit History:

2010-03-28 15:02:33 by Matthias Scheler | Files touched by this commit (6) | Package updated

Log message:
Pullup ticket #3068 - requested by taca
apache22: security update

Revisions pulled up:
- www/apache22/Makefile				1.56
- www/apache22/PLIST				1.16
- www/apache22/distinfo				1.30-1.31
- www/apache22/patches/patch-aq			delete
- www/apache22/patches/patch-as			delete
- www/apache22/patches/patch-au			delete
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Fri Mar  5 00:22:59 UTC 2010

Modified Files:
	pkgsrc/www/apache22: distinfo
Removed Files:
	pkgsrc/www/apache22/patches: patch-aq patch-as patch-au

Log message:
Remove CVE-2007-3304 related patches.  CVE-2007-3304 was fixed
in Apache 2.2.6 and these patches are noop.
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Tue Mar  9 02:30:15 UTC 2010

Modified Files:
	pkgsrc/www/apache22: Makefile PLIST distinfo

Log message:
Update apache22 package to 2.2.15.

For full changes information please refer:
http://www.apache.org/dist/httpd/Announcement2.2.html.

Here is security related changes from ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).

Changes with Apache 2.2.15

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

Next | Query returned 1 messages, browsing 1 to 10 | previous