Bug 113066 - [patch] Security update for www/mod_jk to 1.2.23
Summary: [patch] Security update for www/mod_jk to 1.2.23
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Palle Girgensohn
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-27 21:00 UTC by Nick Barkas
Modified: 2007-07-29 12:57 UTC (History)
0 users

See Also:

Attachments
mod_jk.patch (919 bytes, patch)
2007-05-27 21:00 UTC, Nick Barkas 		no flags Details | Diff
file.diff (1.77 KB, patch)
2007-05-27 21:00 UTC, Nick Barkas 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Barkas 2007-05-27 21:00:30 UTC 
This is an update to the port to its latest version, 1.2.23, which has a fix for
possible information disclosure via double encoded paths. See
http://tomcat.apache.org/security-jk.html

Fix: Here is a patch to update the port, and a patch to update VuXML with the
vulnerability.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-05-27 21:01:25 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->girgen

Over to maintainer
Comment 2 dfilter service freebsd_committer freebsd_triage 2007-07-04 11:14:37 UTC 
girgen      2007-07-04 10:14:30 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_jk           Makefile distinfo 
  Log:
  Upgrade to 1.2.23 to fix a security issue.
  
  Submitted by:   Nick Barkas <snb@threerings.net>
  Security:       CVE-2007-1860
  Security:       http://www.freebsd.org/ports/portaudit/d9405748-1342-11dc-a35c-001485ab073e.html
  PR:             ports/113066
  
  Revision  Changes    Path
  1.37      +1 -1      ports/www/mod_jk/Makefile
  1.15      +3 -3      ports/www/mod_jk/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Pav Lucistnik freebsd_committer freebsd_triage 2007-07-29 12:55:47 UTC 
State Changed
From-To: open->closed

Looks like maintainer forgot to close this PR after he committed  the update.