RegistryCooker.pm in mod_perl 2.x does not properly escape PATH_INFO before use in a regular expression as noted in CVE-2007-1349:
http://www.freebsd.org/ports/portaudit/ef2ffb03-f2b0-11db-ad25-0010b5a0a860.html

Fix:
The patch below fixes this in www/mod_perl2 by disabling pattern metacharacters in the regex. The patch was obtained from Gentoo Linux Bugzilla bug #172676:
http://bugs.gentoo.org/172676

Note that vuxml also needs to be updated to reflect the fix of this problem in www/mod_perl2.
State Changed From-To: open->feedback Awaiting maintainers feedback
erwin 2007-06-27 20:42:58 UTC

FreeBSD ports repository

Modified files:
  www/mod_perl2 Makefile
Added files:
  www/mod_perl2/files patch-RegistryCooker.pm

Log:
mod_perl 2.x does not properly escape PATH_INFO before use in a regular expression

PR: 113988
Submitted by: Henrik Brix Andersen <henrik@brixandersen.dk>
Approved by: maintainer override (3 days, security)
Security: CVE-2007-1349, VuXML ef2ffb03-f2b0-11db-ad25-0010b5a0a860

Revision Changes Path
1.56 +4 -1 ports/www/mod_perl2/Makefile
1.1 +12 -0 ports/www/mod_perl2/files/patch-RegistryCooker.pm (new)
State Changed From-To: feedback->closed Committed with modification, thanks!
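
The bug class described in this PR, as an added example that is not the port's patch or mod_perl's own code: a request-supplied PATH_INFO interpolated into a pattern as-is, next to the same match with metacharacters disabled via `\Q...\E`. The helper `script_name` and the sample URIs are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from RegistryCooker.pm): derive the script
# part of a URI by removing a trailing PATH_INFO.
# $escape = 0 interpolates PATH_INFO into the pattern unchanged.
# $escape = 1 wraps it in \Q...\E so every character is matched literally.
sub script_name {
    my ($uri, $path_info, $escape) = @_;
    return $uri unless length $path_info;

    # Building the pattern can die at run time when the interpolated
    # text is not a valid regex, so trap that instead of aborting.
    my $re = eval { $escape ? qr/\Q$path_info\E$/ : qr/$path_info$/ };
    return 'PATTERN ERROR' unless defined $re;

    return $uri =~ $re
        ? substr($uri, 0, length($uri) - length($path_info))
        : $uri;    # no match: PATH_INFO was not stripped
}

# Constructed sample requests: [ URI, PATH_INFO ].
my @samples = (
    [ '/perl/script.pl/foo.txt', '/foo.txt' ],  # '.' is a wildcard unescaped
    [ '/perl/script.pl/x+y',     '/x+y'     ],  # '+' becomes a quantifier
    [ '/perl/script.pl/a(b',     '/a(b'     ],  # unbalanced group
);

for my $sample (@samples) {
    my ($uri, $path_info) = @$sample;
    printf "PATH_INFO=%-9s unescaped=%-22s escaped=%s\n",
        $path_info,
        script_name($uri, $path_info, 0),
        script_name($uri, $path_info, 1);
}
```

With escaping enabled, all three samples resolve to the same script path. Without it, the result depends on which metacharacters the request happens to carry.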