diff options
author | Florian Smeets <flo@FreeBSD.org> | 2012-11-26 21:23:25 +0000 |
---|---|---|
committer | Florian Smeets <flo@FreeBSD.org> | 2012-11-26 21:23:25 +0000 |
commit | bc204257b930948b892bda81f6fca61f61f2d7c1 (patch) | |
tree | 3593ef8bb026f702e464836eb1c9e4d7fd0bffcf /comms/hso-kmod/pkg-descr | |
parent | 37619a2e8392f0b7007b8503cad9e85abaf6f3b8 (diff) | |
download | ports-bc204257b930948b892bda81f6fca61f61f2d7c1.tar.gz ports-bc204257b930948b892bda81f6fca61f61f2d7c1.zip |
MFH r307747
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.
- Timezone database updated to version 2012.9 (2012i)
Approved by: portmgr (beat)
Feature safe: yes
Notes
Notes:
svn path=/branches/RELENG_9_1_0/; revision=307800
Diffstat (limited to 'comms/hso-kmod/pkg-descr')
0 files changed, 0 insertions, 0 deletions