From 400a302e8bca4ad2bbef3bb38737680ef8fb53cd Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 1 Feb 2012 07:25:24 +0000 Subject: main/apache2: security upgrade to 2.2.22 (CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3368) low: mod_log_config crash CVE-2012-0021 low: scoreboard parent DoS CVE-2012-0031 moderate: error responses can expose cookies CVE-2012-0053 moderate: mod_proxy reverse proxy exposure CVE-2011-3368 This release also include the previosly patched: low: mod_setenvif .htaccess privilege escalation CVE-2011-3607 moderate: mod_proxy reverse proxy exposure CVE-2011-4317 fixes #982 --- main/apache2/CVE-2011-3607.patch | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 main/apache2/CVE-2011-3607.patch (limited to 'main/apache2/CVE-2011-3607.patch') diff --git a/main/apache2/CVE-2011-3607.patch b/main/apache2/CVE-2011-3607.patch deleted file mode 100644 index 3ccbfbc481..0000000000 --- a/main/apache2/CVE-2011-3607.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- 2.2.x/server/util.c 2012/01/04 19:42:04 1227279 -+++ 2.2.x/server/util.c 2012/01/04 19:45:22 1227280 -@@ -82,6 +82,8 @@ - #define IS_SLASH(s) (s == '/') - #endif - -+/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */ -+#define UTIL_SIZE_MAX (~((apr_size_t)0)) - - /* - * Examine a field value (such as a media-/content-type) string and return -@@ -366,7 +368,7 @@ - char *dest, *dst; - char c; - size_t no; -- int len; -+ apr_size_t len; - - if (!source) - return NULL; -@@ -391,6 +393,11 @@ - len++; - } - else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { -+ if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) { -+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, -+ "integer overflow or out of memory condition." ); -+ return NULL; -+ } - len += pmatch[no].rm_eo - pmatch[no].rm_so; - } - -- cgit v1.2.3