[newpkgs] New Apache 2.0 package
Ihsan Dogan
ihsan at dogan.ch
Sun Mar 21 00:27:46 MET 2004
Hi,
The Apache 2.0 package have updated from 2.0.48,REV=2003.12.20
to 2.0.49,REV=2004.03.20.
Changes: - Upgraded to a new version 2.0.49
- Security fixes:
SECURITY: CAN-2004-0174 (cve.mitre.org) Fix starvation
issue on listening sockets where a short-lived
connection on a rarely-accessed listening socket will
cause a child to hold the accept mutex and block out
new connections until another connection arrives on
that rarely-accessed listening socket. With Apache 2.x
there is no performance concern about enabling the
logic for platforms which don't need it, so it is
enabled everywhere except for Win32. [Jeff Trawick]
SECURITY: CAN-2004-0113 (cve.mitre.org) mod_ssl: Fix a
memory leak in plain-HTTP-on-SSL-port handling. PR
27106. [Joe Orton]
SECURITY: CAN-2003-0020 (cve.mitre.org) Escape
arbitrary data before writing into the errorlog.
Unescaped errorlogs are still possible using the
compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
[Geoffrey Young, André Malo]
- A complete list of changes is available on [1].
[1] http://www.apache.org/dist/httpd/Announcement2.html
Cheers, Ihsan...
--
Swiss Unix User Group: http://www.suug.ch/
Software Packages for Solaris: http://www.blastwave.org/
More information about the newpkgs
mailing list