Ticket #8751 (closed defect: fixed)
UPDATE: apache2 2.2.2
| Reported by: | blair@… | Owned by: | james@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.2 |
| Keywords: | Cc: | ||
| Port: |
Description
Hello,
Just saw that Apache 2.2.2 is available with these two security fixes:
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost (such as the "HTTP request received on SSL port" error message when an 400 ErrorDocument is configured, or if using "SSLEngine optional"). PR 37791. [Rüdiger Plüm, Joe Orton]
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imagemap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox]
Regards, Blair
Change History
Note: See
TracTickets for help on using
tickets.
thanks, 2.2.2 has been commmited by James Berry!