Re: [Fink-devel] apache 2.0.52 and svn 1.1.0

Thu, 14 Oct 2004 11:02:24 -0700

It is coming, because of the problems in Florida where Dustin the maintainers lives it's is just behind a little.
---
TS
http://southofheaven.org
Chaos is the beginning and end, try dealing with the rest.

On 14-Oct-04, at 11:13 AM, Blair Zajac wrote:

Apache 2.0.50 is still in Fink and there have been a number of security issues fixed in 2.0.51 and 2.0.52.

Changes with Apache 2.0.52

  *) SECURITY: CAN-2004-0811 (cve.mitre.org)
     Fix merging of the Satisfy directive, which was applied to
     the surrounding context and could allow access despite configured
     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]

Changes with Apache 2.0.51

  *) SECURITY: CAN-2004-0786 (cve.mitre.org)
     Fix an input validation issue in apr-util which could be
     triggered by malformed IPv6 literal addresses.  [Joe Orton]

  *) SECURITY: CAN-2004-0747 (cve.mitre.org)
     Fix buffer overflow in expansion of environment variables in
     configuration file parsing.  [Andr� Malo]

  *) SECURITY: CAN-2004-0809 (cve.mitre.org)
     mod_dav_fs: Fix a segfault in the handling of an indirect lock
     refresh.  PR 31183.  [Joe Orton]

  *) SECURITY: CAN-2004-0751 (cve.mitre.org)
     mod_ssl: Fix a segfault in the SSL input filter which could be
     triggered if using "speculative" mode, for instance by a
     proxy request to an SSL server.  PR 30134.  [Joe Orton]

  *) SECURITY: CAN-2004-0748 (cve.mitre.org)
     mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]

Also, I was able to get Subversion 1.1.0 to compile out of the box against 2.0.52 but not 2.0.50 on my RedHat 9 box. I'm thinking there may be similar build issues with Fink.

So I'm thinking we should update Apache and then get Subversion up to 1.1.0.

Blair

--
Blair Zajac <[EMAIL PROTECTED]>
Plots of your system's performance - http://www.orcaware.com/orca/


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel




-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel

Reply via email to