From 001de23829a0a974adaceb753b9f035329efd4f0 Mon Sep 17 00:00:00 2001 From: clement Date: Thu, 27 Jul 2006 20:26:29 +0000 Subject: - Fix security issue in mod_rewrite. All people using mod_rewrite are strongly encouraged to update. An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team Updates to latest versions will follow soon. Notified by: so@ (simon) Obtained from: Apache Security Team Security: CVE-2006-3747 --- www/apache21/Makefile | 2 +- www/apache21/files/patch-secfix-CVE-2006-3747 | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 www/apache21/files/patch-secfix-CVE-2006-3747 (limited to 'www/apache21') diff --git a/www/apache21/Makefile b/www/apache21/Makefile index 12d73c84e2a6..1bc458b767d4 100644 --- a/www/apache21/Makefile +++ b/www/apache21/Makefile @@ -9,7 +9,7 @@ PORTNAME= apache PORTVERSION= 2.1.9 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ ${MASTER_SITE_LOCAL:S/%SUBDIR%/clement/}:powerlogo diff --git a/www/apache21/files/patch-secfix-CVE-2006-3747 b/www/apache21/files/patch-secfix-CVE-2006-3747 new file mode 100644 index 000000000000..b40f6d31d095 --- /dev/null +++ b/www/apache21/files/patch-secfix-CVE-2006-3747 @@ -0,0 +1,13 @@ +Index: modules/mappers/mod_rewrite.c +=================================================================== +--- modules/mappers/mod_rewrite.c (revision 424536) ++++ modules/mappers/mod_rewrite.c (working copy) +@@ -667,7 +667,7 @@ + int c = 0; + + token[0] = cp = apr_pstrdup(p, cp); +- while (*cp && c < 5) { ++ while (*cp && c < 4) { + if (*cp == '?') { + token[++c] = cp + 1; + *cp = '\0'; -- cgit