Opened 18 years ago
Closed 18 years ago
#8751 closed defect (fixed)
UPDATE: apache2 2.2.2
| Reported by: | blair (Blair Zajac) | Owned by: | james@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.2 |
| Keywords: | Cc: | ||
| Port: |
Description
Hello,
Just saw that Apache 2.2.2 is available with these two security fixes:
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost (such as the "HTTP request received on SSL port" error message when an 400 ErrorDocument is configured, or if using "SSLEngine optional"). PR 37791. [Rüdiger Plüm, Joe Orton]
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imagemap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox]
Regards, Blair
Change History (1)
comment:1 Changed 18 years ago by mww@…
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
| Summary: | Apache 2.2.2 is available → UPDATE: apache2 2.2.2 |
Note: See
TracTickets for help on using
tickets.
thanks, 2.2.2 has been commmited by James Berry!