The NetBSD Project

CVS log for pkgsrc/www/apache24/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / apache24

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: pkgsrc-2016Q4-base


Revision 1.28 / (download) - annotate - [select for diffs], Tue Dec 20 21:06:34 2016 UTC (2 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.27: +5 -7 lines
Diff to previous 1.27 (colored)

Update apache24 to 2.4.25 (Apache HTTPD 2.4.25).  2.4.24 was not released.

This release fixes several security problems, some of them are already
handled in pkgsrc.  Please refer CHANGES file in detail.

  *) SECURITY: CVE-2016-8740 (cve.mitre.org)
     mod_http2: Mitigate DoS memory exhaustion via endless
     CONTINUATION frames.
     [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State
     University, Stefan Eissing]

  *) SECURITY: CVE-2016-5387 (cve.mitre.org)
     core: Mitigate [f]cgi "httpoxy" issues.
     [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

  *) SECURITY: CVE-2016-2161 (cve.mitre.org)
     mod_auth_digest: Prevent segfaults during client entry allocation when
     the shared memory space is exhausted.
     [Maksim Malyutin <m.malyutin dsec.ru>, Eric Covener, Jacob Champion]

  *) SECURITY: CVE-2016-0736 (cve.mitre.org)
     mod_session_crypto: Authenticate the session data/cookie with a
     MAC (SipHash) to prevent deciphering or tampering with a padding
     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]

  *) SECURITY: CVE-2016-8743 (cve.mitre.org)
     Enforce HTTP request grammar corresponding to RFC7230 for request lines
     and request headers, to prevent response splitting and cache pollution by
     malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>