CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2017/07/14 12:32:13
Added files:
www/apache-httpd/patches: Tag: OPENBSD_6_1
patch-modules_ssl_mod_ssl_c
patch-modules_ssl_ssl_engine_init_c
patch-modules_ssl_ssl_engine_io_c
patch-modules_ssl_ssl_engine_kernel_c
patch-modules_ssl_ssl_engine_vars_c
patch-modules_ssl_ssl_private_h
patch-modules_ssl_ssl_util_ssl_h
patch-support_ab_c
Log message:
MFC security update to Apache httpd-2.4.27
fixed in 2.4.26:
ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167
mod_ssl Null Pointer Dereference CVE-2017-3169
mod_http2 Null Pointer Dereference CVE-2017-7659
ap_find_token() Buffer Overread CVE-2017-7668
mod_mime Buffer Overread CVE-2017-7679
fixed in 2.4.27:
Read after free in mod_http2 CVE-2017-9789
Uninitialized memory reflection in mod_auth_digest CVE-2017-9788
