CVS commit: pkgsrc/www/apache22

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/apache22
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Wed, 18 Jun 2008 21:38:01 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Jun 18 21:38:01 UTC 2008

Modified Files:
        pkgsrc/www/apache22: Makefile Makefile.common PLIST distinfo
        pkgsrc/www/apache22/patches: patch-aa
Removed Files:
        pkgsrc/www/apache22/patches: patch-ab

Log Message:
Update "apache22" package to version 2.2.9.
This version of Apache is principally a bug and security fix release.
The following potential security flaws are addressed:
- CVE-2008-2364: mod_proxy_http: Better handling of excessive interim
  responses from origin server to prevent potential denial of service and
  high memory usage. Reported by Ryujiro Shibuya.
- CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the
  balancer-manager interface.

pkgsrc related notes:
- CVE-2008-2364 was already fixed in "pkgsrc"
- CVE-2007-6420 doesn't affect the package in the default configuration
  because the "proxy_balancer" isn't enabled.


To generate a diff of this commit:
cvs rdiff -r1.26 -r1.27 pkgsrc/www/apache22/Makefile
cvs rdiff -r1.7 -r1.8 pkgsrc/www/apache22/Makefile.common
cvs rdiff -r1.5 -r1.6 pkgsrc/www/apache22/PLIST
cvs rdiff -r1.10 -r1.11 pkgsrc/www/apache22/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/www/apache22/patches/patch-aa
cvs rdiff -r1.6 -r0 pkgsrc/www/apache22/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/bootstrap
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/bootstrap
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index