pkgsrc/www/apache/Makefile@1.197 / diff
pkgsrc/www/apache/PLIST@1.15 / diff
pkgsrc/www/apache/distinfo@1.58 / diff
pkgsrc/www/apache/patches/patch-aa@1.26 / diff
pkgsrc/www/apache/patches/patch-ae@1.8 / diff
pkgsrc/www/apache/patches/patch-af@1.11 / diff
pkgsrc/www/apache/patches/patch-ag@1.9 / diff
pkgsrc/www/apache/patches/patch-ah@1.6 / diff
pkgsrc/www/apache/patches/patch-ai@1.11 / diff
pkgsrc/www/apache/patches/patch-al@1.9 / diff
pkgsrc/www/apache/patches/patch-am@1.9 / diff
pkgsrc/www/apache/patches/patch-ao@1.4 / diff
pkgsrc/www/apache/patches/patch-aq@1.6 / diff
pkgsrc/www/apache/patches/patch-ar deleted
pkgsrc/www/apache/patches/patch-as deleted
Update apache to 1.3.41.
Changes with Apache 1.3.41
*) SECURITY: CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent
a possible XSS attack caused by redirecting to other URLs.
Reported by SecurityReason. [Mark Cox]
Changes with Apache 1.3.40 (not released)
*) SECURITY: CVE-2007-5000 (cve.mitre.org)
mod_imap: Fix cross-site scripting issue. Reported by JPCERT.
[Joe Orton]
*) SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing
date-related headers. PR 41144.
With Apache 1.3, the denial of service vulnerability applies only
to the Windows and NetWare platforms.
[Jeff Trawick]
*) More efficient implementation of the CVE-2007-3304 PID table
patch. This fixes issues with excessive memory usage by the
parent process if long-running and with a high number of child
process forks during that timeframe. Also fixes bogus "Bad pid"
errors. [Jim Jagielski, Jeff Trawick]
Changes with Apache 1.3.39
*) SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection". Reported by Stefan Esser. [Joe Orton]
*) SECURITY: CVE-2007-3304 (cve.mitre.org)
Ensure that the parent process cannot be forced to kill non-child
processes by checking scoreboard PID data with parent process
privately stored PID data. [Jim Jagielski]
*) mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file.
pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]
There was no Apache 1.3.38
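
The private PID table check named in the CVE-2007-3304 entries above (1.3.39 and the 1.3.40 follow-up), as an added example: this is not Apache's code and not part of this commit. The table size, the function names and the `EPERM` refusal are assumptions chosen for illustration.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>

#define PID_SLOTS  1024          /* assumed cap on children; power of two */
#define SLOT_EMPTY ((pid_t)0)
#define SLOT_DEAD  ((pid_t)-1)   /* tombstone left by a reaped child */
/* Lives in the parent's private memory, never in the shared scoreboard. */
static pid_t pid_table[PID_SLOTS];

/* Linear probe: want_free=0 finds pid, want_free=1 finds a reusable slot. */
static int probe(pid_t pid, int want_free)
{
    size_t i = (size_t)pid & (PID_SLOTS - 1);
    for (size_t n = 0; n < PID_SLOTS; n++, i = (i + 1) & (PID_SLOTS - 1)) {
        pid_t cur = pid_table[i];
        if (want_free ? (cur == SLOT_EMPTY || cur == SLOT_DEAD) : cur == pid)
            return (int)i;
        if (!want_free && cur == SLOT_EMPTY)
            return -1;           /* end of probe chain: pid absent */
    }
    return -1;
}

/* Call with the value fork() returned. Rejects 0, 1 and negative pids. */
int pid_table_add(pid_t pid)
{
    if (pid <= 1) return -1;
    if (probe(pid, 0) >= 0) return 0;        /* already tracked */
    int i = probe(pid, 1);
    if (i >= 0) pid_table[i] = pid;
    return i >= 0 ? 0 : -1;                  /* -1: table full */
}

/* Call when the child is reaped; the slot is reused, so memory stays bounded. */
int pid_table_remove(pid_t pid)
{
    int i = pid > 1 ? probe(pid, 0) : -1;
    if (i < 0) return -1;
    pid_table[i] = SLOT_DEAD;
    return 0;
}

int pid_is_child(pid_t pid) { return pid > 1 && probe(pid, 0) >= 0; }

/* Signal a scoreboard-supplied pid only if the parent itself forked it. */
int checked_kill(pid_t sb_pid, int sig)
{
    if (!pid_is_child(sb_pid)) { errno = EPERM; return -1; }
    return kill(sb_pid, sig);
}
```

Because the scoreboard is writable by child processes, the parent treats a PID read from it as untrusted input and signals it only after it matches an entry the parent recorded itself.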