| Summary: | www/yaws needs to be updated to 1.93 for a security fix | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | kenji.rikitake |
| Component: | Individual Port(s) | Assignee: | Jimmy Olgeni <olgeni> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |
Description
kenji.rikitake
2012-06-24 08:10:10 UTC
This PR should have been categorized as ports. My apologies.

++> FreeBSD-gnats-submit@FreeBSD.org <FreeBSD-gnats-submit@FreeBSD.org> [2012-06-24 07:10:10 +0000]:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=169363
>
> >Category: misc
> >Responsible: freebsd-bugs
> >Synopsis: www/yaws needs to be updated to 1.93 for a security fix
> >Arrival-Date: Sun Jun 24 07:10:10 UTC 2012

Responsible Changed
From-To: freebsd-bugs->olgeni

Over to maintainer.

State Changed
From-To: open->closed

Committed. Thanks!

olgeni 2012-06-25 01:10:44 UTC

FreeBSD ports repository

Modified files:
    www/yaws             Makefile distinfo pkg-plist
    www/yaws/files       patch-man_yaws.conf.5

Added files:
    www/yaws/files       patch-scripts__gen-yaws

Log:
Upgrade to version 1.93, which contains a security fix among other changes.

From Erlyaws-list:

"Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)"

PR: ports/169363
Submitted by: Kenji Rikitake <kenji.rikitake@acm.org>

    Revision  Changes    Path
    1.60      +11 -3     ports/www/yaws/Makefile
    1.40      +2 -2      ports/www/yaws/distinfo
    1.5       +4 -4      ports/www/yaws/files/patch-man_yaws.conf.5
    1.1       +20 -0     ports/www/yaws/files/patch-scripts__gen-yaws (new)
    1.37      +24 -4     ports/www/yaws/pkg-plist
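An added example, not code from Yaws or from this PR: it contrasts session IDs drawn from a small-state non-cryptographic PRNG with IDs drawn from the operating system CSPRNG, which is the change the quoted release note describes. It assumes the Wichmann-Hill AS183 generator as a stand-in for the "cryptographically weak random module"; the class and function names, the cookie format and the seed are hypothetical.

```python
import math
import secrets

# Wichmann-Hill AS183: three small multiplicative congruential generators combined.
# Assumption: used here as a stand-in for the weak generator named in the release note.
MULTIPLIERS = (171, 172, 170)
MODULI = (30269, 30307, 30323)


class WichmannHill:
    """Non-cryptographic PRNG; its whole future is fixed by three small integers."""

    def __init__(self, seed):
        self.state = tuple(seed)

    def uniform(self, n):
        """Return an integer in 1..n, advancing the generator one step."""
        self.state = tuple((s * a) % m for s, a, m in zip(self.state, MULTIPLIERS, MODULI))
        r = sum(s / m for s, m in zip(self.state, MODULI))
        return int((r - int(r)) * n) + 1


def weak_session_id(rng):
    """Hypothetical cookie format: one PRNG draw rendered as a decimal string."""
    return str(rng.uniform(2**32))


def strong_session_id():
    """128 bits from the operating system CSPRNG, hex encoded."""
    return secrets.token_hex(16)


def state_space_bits():
    """Upper bound on the entropy behind every ID the weak generator will ever emit."""
    return math.log2(math.prod(m - 1 for m in MODULI))


def ids_from_seed(seed, count):
    """Session IDs a server would hand out after starting from the given seed."""
    rng = WichmannHill(seed)
    return [weak_session_id(rng) for _ in range(count)]


if __name__ == "__main__":
    seed = (1001, 2002, 3003)  # constructed seed for the demonstration
    # Two servers started from the same seed issue the same cookies in the same order.
    print(ids_from_seed(seed, 3) == ids_from_seed(seed, 3))
    print(round(state_space_bits(), 1), "bits of state vs 128 from the CSPRNG")
    print(strong_session_id())
```

When auditing other session code for the same flaw, the thing to look for is any token, cookie or reset link whose value comes from a seedable general-purpose PRNG rather than the platform CSPRNG.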