02318624eb
discovered in version 1.3.26 including these security fixes: - SECURITY: CAN-2002-0840 (cve.mitre.org) Prevent a cross-site scripting vulnerability in the default error page. The issue could only be exploited if the directive UseCanonicalName is set to Off and a server is being run at a domain that allows wildcard DNS. [Matthew Murphy] - SECURITY CAN-2002-0843 (cve.mitre.org) Fix some possible overflows in ab.c that could be exploited by a malicious server. Reported by David Wagner. [Jim Jagielski] - SECURITY CAN-2002-0839 (cve.mitre.org) Add the new directive 'ShmemUIDisUser'. By default, Apache will no longer set the uid/gid of SysV shared memory scoreboard to User/Group, and it will therefore stay the uid/gid of the parent Apache process. This is actually the way it should be, however, some implementations may still require this, which can be enabled by 'ShmemUIDisUser On'. Reported by iDefense. [Jim Jagielski] |
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| buildlink.mk | ||
| buildlink2.mk | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||
| PLIST.shared | ||
| PLIST.suexec | ||