CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2014/07/23 14:22:56
Modified files:
www/cherokee : Tag: OPENBSD_5_5 Makefile
Added files:
www/cherokee/patches: Tag: OPENBSD_5_5
patch-cherokee_validator_ldap_c
Log message:
MFC security fix for CVE-2014-4668. ok jasper@
Original log message:
The LDAP authenticator considered successful LDAP bindings as a proper
authentication, without checking the length of the user's password.
But the LDAP server configuration might allow password-less bindings
to retrieve public information. ok naddy@
