Path to this page:
Subject: CVS commit: pkgsrc/www/passenger
From: Filip Hajny
Date: 2018-06-13 14:57:47
Message id: 20180613125747.CD8BEFBEC@cvs.NetBSD.org
Log Message:
www/passenger: Update to 5.3.2.
- [Nginx] Fixes CVE-2018-12029, a local privilege escalation
vulnerability in the Nginx module that occurs when
`passenger_instance_registry_dir` is configured to a directory
with insufficiently strict permissions.
- Fixes CVE-2018-12026, 12027, and 12028. These are local denial of
service, local information disclosure and local privilege escalation
vulnerabilities that could be exploited by malicious applications or
malicious users on the system.
- Fixes Meteor support in non-bundled mode (regression from 5.3.0).
- Fixes the fact that the error page (which is shown when an app fails
to spawn) sometimes contains unsufficient analysis details about the
app.
- [Apache] Fixes PassengerMaxInstancesPerApp not being respected
(regression from config refactor in 5.2.0).
- [Enterprise, Apache] Fixes PassengerMaxInstances not being respected
(regression from config refactor in 5.2.0).
- [Enterprise] Fixes passenger-irb being unable to connect to an app
process (regression from 5.3.0).
Files: