kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/apache22
History
taca ceed3d639a Update apache22 package to 2.2.15. 
For full changes information please refer:
http://www.apache.org/dist/httpd/Announcement2.2.html.

Here is security related changes from ChangeLog
(http://www.apache.org/dist/httpd/CHANGES_2.2.15).


Changes with Apache 2.2.15

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
2010-03-09 02:30:15 +00:00
..
files Remove obsolete comment. 2009-02-25 22:05:40 +00:00
patches Remove CVE-2007-3304 related patches. CVE-2007-3304 was fixed 2010-03-05 00:22:59 +00:00
buildlink3.mk Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
DESCR
distinfo Update apache22 package to 2.2.15. 2010-03-09 02:30:15 +00:00
Makefile Update apache22 package to 2.2.15. 2010-03-09 02:30:15 +00:00
options.mk Fix support for non-default options: 2009-04-08 17:03:25 +00:00
PLIST Update apache22 package to 2.2.15. 2010-03-09 02:30:15 +00:00
PLIST.worker