mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-25 00:51:21 +00:00
0220dfc0a3
- fix build with SSL from ports [1] SECURITY: CVE-2014-0118 (cve.mitre.org) mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. http://svn.apache.org/viewvc?view=revision&revision=1611426 SECURITY: CVE-2014-0226 (cve.mitre.org) Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this. * include/scoreboard.h: Add ap_copy_scoreboard_worker. * server/scoreboard.c (ap_copy_scoreboard_worker): New function. * modules/generators/mod_status.c (status_handler): Use it. http://svn.apache.org/viewvc?view=revision&revision=1610515 SECURITY: CVE-2014-0231 (cve.mitre.org) mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. http://svn.apache.org/viewvc?view=revision&revision=1611185 [1] noted and testd by mat@ MFH: 2014Q3 Security: f927e06c-1109-11e4-b090-20cf30e32f6d CVE-2014-0118 CVE-2014-0231 CVE-2014-0226 |
||
---|---|---|
.. | ||
files | ||
distinfo | ||
Makefile | ||
Makefile.doc | ||
Makefile.modules | ||
Makefile.options | ||
pkg-descr | ||
pkg-message | ||
pkg-plist |