227111 2008-06-15 10:33 0000 www-servers/apache <2.2.9 CSRF and DoS (CVE-2007-6420,CVE-2008-2364) 2008-07-09 22:01:14 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.apache.org/dist/httpd/CHANGES_2.2.9 A3 [glsa] P2 normal --- 1 limanski@narod.ru security@gentoo.org apache-bugs@gentoo.org arm@gentoo.org s390@gentoo.org sh@gentoo.org limanski@narod.ru 2008-06-15 10:33:19 0000 Apache httpd 2.2.9 was released. It's bugfix release, some bugs are sequrity related. Reproducible: Always Steps to Reproduce: carlo@gentoo.org 2008-06-15 14:58:39 0000 *) SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski] *) SECURITY: CVE-2007-6420 (cve.mitre.org) mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface. [Joe Orton] carlo@gentoo.org 2008-06-15 15:23:57 0000 Eh, assign... hollow@gentoo.org 2008-06-15 16:10:14 0000 2.2.9 in cvs, ready for stabilization rbu@gentoo.org 2008-06-15 17:54:49 0000 Arches, please test and mark stable: =www-servers/apache-2.2.9 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc x86" dertobi123@gentoo.org 2008-06-15 19:00:13 0000 ppc stable jer@gentoo.org 2008-06-16 00:35:18 0000 Stable for HPPA. fauli@gentoo.org 2008-06-16 07:23:02 0000 x86 stable hollow@gentoo.org 2008-06-16 11:42:29 0000 amd64 stable armin76@gentoo.org 2008-06-16 13:32:30 0000 alpha/ia64/sparc stable ranger@gentoo.org 2008-06-16 16:16:54 0000 ppc64 done pva@gentoo.org 2008-06-16 16:49:02 0000 Fixed in release snapshot. rbu@gentoo.org 2008-07-09 22:01:14 0000 GLSA 200807-06