Bug 111844 - UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)
Summary: UPDATE: www/mod_perl 1.29 -> 1.30 (CVE Security Fix)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-apache (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-19 06:30 UTC by Philip M. Gollucci
Modified: 2007-04-25 19:50 UTC (History)
1 user (show)

See Also:

Attachments
mod_perl.diff (2.79 KB, patch)
2007-04-19 06:30 UTC, Philip M. Gollucci 		no flags Details | Diff
vuxml.diff (1.47 KB, patch)
2007-04-24 23:51 UTC, Philip M. Gollucci 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philip M. Gollucci 2007-04-19 06:30:03 UTC 
Update to 1.30
Changes:
http://perl.apache.org/dist/mod_perl-1.0-current/Changes

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

Fix: Upgrade.

I know there still some portlint issues, and 
ports/74907: [PATCH] www/mod_perl: cleanups
was filed previously, but I'd like to see this go first so security upgrades
are easier.

Also, erwin@ (CC'ed) hinted I should take maintainership of this port on efnet
about 3 months ago.  So I've finally gotten around to to doing that.

Once this goes in, I'll circle back and review the above PR and portlint errors.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-04-19 06:30:16 UTC 
Class Changed
From-To: maintainer-update->change-request

Fix category (submitter is not maintainer)
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2007-04-19 06:30:33 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->apache

Over to maintainer
Comment 3 Philip M. Gollucci 2007-04-24 23:51:21 UTC 
per erwin@ request a vuxml entry:


-- 
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB  B89E 1324 9B4F EC88 A0BF

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
Comment 4 dfilter service freebsd_committer freebsd_triage 2007-04-25 18:04:42 UTC 
erwin       2007-04-25 17:04:36 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Add entry for mod_perl -- remote DOS in PATH_INFO parsing
  
  PR:             111844
  Submitted by:   "Philip M. Gollucci" <pgollucci@p6m7g8.com>
  
  Revision  Changes    Path
  1.1318    +30 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Erwin Lansing freebsd_committer freebsd_triage 2007-04-25 19:46:36 UTC 
State Changed
From-To: open->closed

Committed, thanks! 
Note that there was an extra manpage and pm that you missed.
Comment 6 dfilter service freebsd_committer freebsd_triage 2007-04-25 19:46:36 UTC 
erwin       2007-04-25 18:46:30 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_perl         Makefile distinfo pkg-plist 
    www/mod_perl/files   patch-Makefile.PL 
  Log:
  Update to 1.30
  
  PR:             111844
  Submitted by:   "Philip M. Gollucci" <pgollucci@p6m7g8.com>
  Security:       http://www.vuxml.org/freebsd/ef2ffb03-f2b0-11db-ad25-0010b5a0a860.html
  
  Revision  Changes    Path
  1.34      +4 -5      ports/www/mod_perl/Makefile
  1.12      +3 -3      ports/www/mod_perl/distinfo
  1.2       +11 -12    ports/www/mod_perl/files/patch-Makefile.PL
  1.13      +1 -0      ports/www/mod_perl/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"