Bug 160743

Summary: [patch] www/apache22: update to 2.2.21
Product: Ports & Packages Reporter: Jason Helfman <jhelfman>
Component: Individual Port(s)Assignee: freebsd-apache (Nobody) <apache>
Status: Closed FIXED    
Severity: Affects Only Me CC: apache
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Jason Helfman 2011-09-14 22:20:07 UTC 
Update to 2.2.21
Builds cleanly in Tinderbox

Addresses:
     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-09-14 22:20:18 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->apache

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Jason 2011-09-14 23:14:43 UTC 
Tinderbox log => http://jgh.devio.us/files/logs/apache-2.2.21.log

-jgh

-- 
Jason Helfman
System Administrator
experts-exchange.com
http://www.experts-exchange.com/M_4830110.html
E4AD 7CF1 1396 27F6 79DD  4342 5E92 AD66 8C8C FBA5
Comment 3 dfilter service freebsd_committer freebsd_triage 2011-09-15 06:00:38 UTC 
ohauer      2011-09-15 05:00:28 UTC

  FreeBSD ports repository

  Modified files:
    www/apache22         Makefile distinfo 
  Log:
  - update to version 2.2.21
  
  Addresses:
  * SECURITY: CVE-2011-3348 (cve.mitre.org)
   mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
   unrecognized HTTP methods from marking ajp: balancer members
   in an error state, avoiding denial of service.
  
  * SECURITY: CVE-2011-3192 (cve.mitre.org)
   core: Further fixes to the handling of byte-range requests to use
   less memory, to avoid denial of service. This patch includes fixes
   to the patch introduced in release 2.2.20 for protocol compliance,
   as well as the MaxRanges directive.
  
  PR:             ports/160743
  Submitted by:   Jason Helfman <jhelfman@experts-exchange.com>
  
  Revision  Changes    Path
  1.293     +2 -2      ports/www/apache22/Makefile
  1.86      +2 -2      ports/www/apache22/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Olli Hauer freebsd_committer freebsd_triage 2011-09-15 06:02:01 UTC 
State Changed
From-To: open->closed

Committed, 
Thanks!