CVSROOT: /cvs Module name: ports Changes by: [email protected] 2014/07/23 14:14:07
Modified files:
www/cherokee : Makefile
Added files:
www/cherokee/patches: patch-cherokee_validator_ldap_c
Log message:
SECURITY fix for CVE-2014-4668. The LDAP authenticator considered
successful LDAP bindings as a proper authentication, without checking
the length of the user's password. But the LDAP server configuration
might allow password-less bindings to retrieve public information.
ok naddy@
