diff options
| author | ohauer <ohauer@FreeBSD.org> | 2013-07-21 01:11:54 +0800 |
|---|---|---|
| committer | ohauer <ohauer@FreeBSD.org> | 2013-07-21 01:11:54 +0800 |
| commit | 7c44a0af68fa6a7e490791e04d7ff3189fb6cd31 (patch) | |
| tree | a8920a68bc5c2fa591b563386c096405b6330957 /security/vuxml | |
| parent | 225b3cc1bfb5e3d549e3952e36ecd5c8e832b720 (diff) | |
| download | freebsd-ports-gnome-7c44a0af68fa6a7e490791e04d7ff3189fb6cd31.tar.gz freebsd-ports-gnome-7c44a0af68fa6a7e490791e04d7ff3189fb6cd31.tar.zst freebsd-ports-gnome-7c44a0af68fa6a7e490791e04d7ff3189fb6cd31.zip | |
- update to apache24-2.4.6
- new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel
- add enty to vuxml
SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
SECURITY: CVE-2013-2249 (cve.mitre.org)
mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.6
with hat apache@
Security: ca4d63fb-f15c-11e2-b183-20cf30e32f6d
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3be36b756f8f..13fbe2d95056 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="ca4d63fb-f15c-11e2-b183-20cf30e32f6d"> + <topic>apache24 -- several vulnerabilities</topic> + <affects> + <package> + <name>apache24</name> + <range><lt>2.4.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Apache HTTP SERVER PROJECT reports:</p> + <blockquote cite="http://www.apache.org/dist/httpd/Announcement2.4.html"> + <p>mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn + with the source href (sent as part of the request body as XML) pointing + to a URI that is not configured for DAV will trigger a segfault.</p> + <p>mod_session_dbd: Make sure that dirty flag is respected when saving + sessions, and ensure the session ID is changed each time the session + changes. This changes the format of the updatesession SQL statement. + Existing configurations must be changed.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1896</cvename> + <cvename>CVE-2013-2249</cvename> + </references> + <dates> + <discovery>2013-07-11</discovery> + <entry>2013-07-20</entry> + </dates> + </vuln> + <vuln vid="9b037a0d-ef2c-11e2-b4a0-8c705af55518"> <topic>gallery -- multiple vulnerabilities</topic> <affects> |