[Bug 197844] www/fcgi issue (CVE-2012-6687)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Feb 20 10:29:39 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197844
Bug ID: 197844
Summary: www/fcgi issue (CVE-2012-6687)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: rodrigo at FreeBSD.org
CC: freebsd at skysmurf.nl
CC: freebsd at skysmurf.nl
Flags: maintainer-feedback?(freebsd at skysmurf.nl)
Created attachment 153202
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=153202&action=edit
update fcgi to 2.4.0_5 + CVE patch
Yesterday was released the CVE-2012-6687[1] who report possible DOS attacks
allowed by fastcgi 2.4.0. As far as I can see, it's our version in ports.
Attached a patch integrate the fix :
https://launchpadlibrarian.net/93064712/poll.patch
[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6687
--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Maintainer CC'd
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list