CVS: cvs.openbsd.org: ports

Fri, 14 Jul 2017 11:32:51 -0700 

CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]   2017/07/14 12:32:13

Added files:
        www/apache-httpd/patches: Tag: OPENBSD_6_1 
                                  patch-modules_ssl_mod_ssl_c 
                                  patch-modules_ssl_ssl_engine_init_c 
                                  patch-modules_ssl_ssl_engine_io_c 
                                  patch-modules_ssl_ssl_engine_kernel_c 
                                  patch-modules_ssl_ssl_engine_vars_c 
                                  patch-modules_ssl_ssl_private_h 
                                  patch-modules_ssl_ssl_util_ssl_h 
                                  patch-support_ab_c 

Log message:
MFC security update to Apache httpd-2.4.27

fixed in 2.4.26:

ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167
mod_ssl Null Pointer Dereference CVE-2017-3169
mod_http2 Null Pointer Dereference CVE-2017-7659
ap_find_token() Buffer Overread CVE-2017-7668
mod_mime Buffer Overread CVE-2017-7679

fixed in 2.4.27:

Read after free in mod_http2 CVE-2017-9789
Uninitialized memory reflection in mod_auth_digest CVE-2017-9788

Reply via email to