Bug 113066 - [patch] Security update for www/mod_jk to 1.2.23
Summary: [patch] Security update for www/mod_jk to 1.2.23
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Palle Girgensohn
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-27 21:00 UTC by Nick Barkas
Modified: 2007-07-29 12:57 UTC (History)
0 users

See Also:


Attachments
mod_jk.patch (919 bytes, patch)
2007-05-27 21:00 UTC, Nick Barkas
no flags Details | Diff
file.diff (1.77 KB, patch)
2007-05-27 21:00 UTC, Nick Barkas
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Barkas 2007-05-27 21:00:30 UTC
This is an update to the port to its latest version, 1.2.23, which has a fix for
possible information disclosure via double encoded paths. See
http://tomcat.apache.org/security-jk.html

Fix: Here is a patch to update the port, and a patch to update VuXML with the
vulnerability.
Comment 1 Edwin Groothuis freebsd_committer 2007-05-27 21:01:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->girgen

Over to maintainer
Comment 2 dfilter service freebsd_committer 2007-07-04 11:14:37 UTC
girgen      2007-07-04 10:14:30 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_jk           Makefile distinfo 
  Log:
  Upgrade to 1.2.23 to fix a security issue.
  
  Submitted by:   Nick Barkas <snb@threerings.net>
  Security:       CVE-2007-1860
  Security:       http://www.freebsd.org/ports/portaudit/d9405748-1342-11dc-a35c-001485ab073e.html
  PR:             ports/113066
  
  Revision  Changes    Path
  1.37      +1 -1      ports/www/mod_jk/Makefile
  1.15      +3 -3      ports/www/mod_jk/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Pav Lucistnik freebsd_committer 2007-07-29 12:55:47 UTC
State Changed
From-To: open->closed

Looks like maintainer forgot to close this PR after he committed  the update.