CVSROOT: /cvs Module name: ports Changes by: st...@cvs.openbsd.org 2017/07/14 12:32:13
Added files: www/apache-httpd/patches: Tag: OPENBSD_6_1 patch-modules_ssl_mod_ssl_c patch-modules_ssl_ssl_engine_init_c patch-modules_ssl_ssl_engine_io_c patch-modules_ssl_ssl_engine_kernel_c patch-modules_ssl_ssl_engine_vars_c patch-modules_ssl_ssl_private_h patch-modules_ssl_ssl_util_ssl_h patch-support_ab_c Log message: MFC security update to Apache httpd-2.4.27 fixed in 2.4.26: ap_get_basic_auth_pw() Authentication Bypass CVE-2017-3167 mod_ssl Null Pointer Dereference CVE-2017-3169 mod_http2 Null Pointer Dereference CVE-2017-7659 ap_find_token() Buffer Overread CVE-2017-7668 mod_mime Buffer Overread CVE-2017-7679 fixed in 2.4.27: Read after free in mod_http2 CVE-2017-9789 Uninitialized memory reflection in mod_auth_digest CVE-2017-9788