pkgsrc-Changes archive


CVS commit: pkgsrc/www/apache



Module Name:    pkgsrc
Committed By:   obache
Date:           Sat Feb 23 05:16:34 UTC 2008

Modified Files:
        pkgsrc/www/apache: Makefile PLIST distinfo
        pkgsrc/www/apache/patches: patch-aa patch-ae patch-af patch-ag patch-ah
            patch-ai patch-al patch-am patch-ao patch-aq
Removed Files:
        pkgsrc/www/apache/patches: patch-ar patch-as

Log Message:
Update apache to 1.3.41.

Changes with Apache 1.3.41

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs.
     Reported by SecurityReason.  [Mark Cox]

Changes with Apache 1.3.40 (not released)

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imap: Fix cross-site scripting issue.  Reported by JPCERT.
     [Joe Orton]

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
     mod_proxy: Prevent reading past the end of a buffer when parsing
     date-related headers.  PR 41144.
     With Apache 1.3, the denial of service vulnerability applies only
     to the Windows and NetWare platforms.
     [Jeff Trawick]

  *) More efficient implementation of the CVE-2007-3304 PID table
     patch. This fixes issues with excessive memory usage by the
     parent process if long-running and with a high number of child
     process forks during that timeframe. Also fixes bogus "Bad pid"
     errors. [Jim Jagielski, Jeff Trawick]

Changes with Apache 1.3.39

  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
     mod_status: Fix a possible XSS attack against a site with a public
     server-status page and ExtendedStatus enabled, for browsers which
     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
     Ensure that the parent process cannot be forced to kill non-child
     processes by checking scoreboard PID data with parent process
     privately stored PID data. [Jim Jagielski]

  *) mime.types: Many updates to sync with IANA registry and common
     unregistered types that the owners refuse to register.  Admins
     are encouraged to update their installed mime.types file.
     pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]

There was no Apache 1.3.38


To generate a diff of this commit:
cvs rdiff -r1.196 -r1.197 pkgsrc/www/apache/Makefile
cvs rdiff -r1.14 -r1.15 pkgsrc/www/apache/PLIST
cvs rdiff -r1.57 -r1.58 pkgsrc/www/apache/distinfo
cvs rdiff -r1.25 -r1.26 pkgsrc/www/apache/patches/patch-aa
cvs rdiff -r1.7 -r1.8 pkgsrc/www/apache/patches/patch-ae
cvs rdiff -r1.10 -r1.11 pkgsrc/www/apache/patches/patch-af \
    pkgsrc/www/apache/patches/patch-ai
cvs rdiff -r1.8 -r1.9 pkgsrc/www/apache/patches/patch-ag \
    pkgsrc/www/apache/patches/patch-al pkgsrc/www/apache/patches/patch-am
cvs rdiff -r1.5 -r1.6 pkgsrc/www/apache/patches/patch-ah \
    pkgsrc/www/apache/patches/patch-aq
cvs rdiff -r1.3 -r1.4 pkgsrc/www/apache/patches/patch-ao
cvs rdiff -r1.7 -r0 pkgsrc/www/apache/patches/patch-ar \
    pkgsrc/www/apache/patches/patch-as

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
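
An added illustration of the CVE-2007-3304 entry above (not part of the commit message and not Apache's code): the parent keeps a private table of the child PIDs it forked and refuses to signal any PID read from the scoreboard that is not in that table. All function names, the table size and the sample PID are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical names and size; illustration only, not Apache's code. */
#define PID_SLOTS 256                  /* assumed cap on live children */
static pid_t private_pids[PID_SLOTS];  /* parent-only memory, 0 = empty */

/* Index of pid in the private table, or -1 if absent. */
static int pid_slot(pid_t pid)
{
    for (int i = 0; i < PID_SLOTS; i++)
        if (private_pids[i] == pid) return i;
    return -1;
}

/* Record a child right after fork(). Returns 0, or -1 if invalid/full. */
int pid_table_add(pid_t pid)
{
    int i;
    if (pid <= 0) return -1;
    if (pid_slot(pid) >= 0) return 0;  /* already recorded */
    if ((i = pid_slot(0)) < 0) return -1;
    private_pids[i] = pid;
    return 0;
}

/* Drop a reaped child so the table stays bounded. Returns 0 or -1. */
int pid_table_remove(pid_t pid)
{
    int i;
    if (pid <= 0 || (i = pid_slot(pid)) < 0) return -1;
    private_pids[i] = 0;
    return 0;
}

/* Gate for every kill(): a PID read from the shared scoreboard is only
 * accepted if the parent itself recorded it. Values <= 0 are refused
 * outright because kill() treats them as process groups or "all". */
pid_t checked_signal_target(pid_t scoreboard_pid)
{
    if (scoreboard_pid <= 0 || pid_slot(scoreboard_pid) < 0) return -1;
    return scoreboard_pid;
}

int main(void)
{
    pid_table_add(4242);               /* constructed sample child PID */
    printf("known child 4242 -> %d\n", (int)checked_signal_target(4242));
    printf("forged pid 1     -> %d\n", (int)checked_signal_target(1));
    return 0;
}
```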


