Date: Sun, 30 Jul 2006 17:42:18 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Sergey Matveychuk <sem@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <20060730154217.GF1116@zaphod.nitro.dk> In-Reply-To: <44CCD110.7080801@FreeBSD.org> References: <200607282159.k6SLxNOX000898@repoman.freebsd.org> <44CCD110.7080801@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote: > Simon L. Nielsen wrote: > > simon 2006-07-28 21:59:23 UTC > > > > FreeBSD ports repository > > > > Modified files: > > security/vuxml vuln.xml > > Log: > > Document apache -- mod_rewrite ldap buffer overflow vulnerability. > > > > Thanks to remko for doing initial list of apache package names in an > > earlier VuXML entry. > > > > Revision Changes Path > > 1.1085 +100 -1 ports/security/vuxml/vuln.xml > > Simon, looks like you use wrong comparing operator tags in the entry. > 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be > <gt>, not <ge>. I'm pretty sure they are correct since those versions are affected. >From [1]: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. [1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955 -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060730154217.GF1116>