Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 30 Jul 2006 11:52:29 +0200
From:      Svein Halvor Halvorsen <svein.h@lvor.halvorsen.cc>
To:        dick hoogendijk <dick@nagual.nl>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: update info on ports
Message-ID:  <44CC815D.1080102@lvor.halvorsen.cc>
In-Reply-To: <20060730094353.GA6870@lothlorien.nagual.nl>
References:  <20060730094353.GA6870@lothlorien.nagual.nl>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBFB96DFC77B410168335EE10
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

dick hoogendijk wrote:
> Normally I upgrade my ports if I see new versions.
> But now I have a question: I saw a new apache22 version (apache-2.2.2_1=
)
> but on the apache site I could not find anything related to security bu=
gs
> or whatever. I *did* find a version 2.2.3 though (not yet in ports!)
>=20
> So now I wonder, what is the difference of port apache-2.2.2 and the
> latest one "apache-2.2.2_1"
> Imho it should be nice to have some kind of info file in the port telli=
ng
> the reasons to upgrade. Does anyone know?
> Or should I just wait for apache-2.2.3 (can't be that long).
>=20

You should check out freshports.org

	Fix security issue in mod_rewrite.
	All people using mod_rewrite are strongly encouraged to update.

	An off-by-one flaw exists in the Rewrite module, mod_rewrite.
	Depending on the manner in which Apache httpd was compiled, this
	software defect may result in a vulnerability which, in
	combination with certain types of Rewrite rules in the web
	server configuration files, could be triggered remotely.  For
	vulnerable builds, the nature of the vulnerability can be denial
	of service (crashing of web server processes) or potentially
	allow arbitrary code execution. This issue has been rated as
	having important security impact by the Apache HTTP Server
	Security Team

	Updates to latest versions will follow soon.


In addition to show changelogs for the ports, freshports also lets you
"watch" one or more ports and be pinged whenever there's a new version.

You should also install portaudit. This will give a list of installed
ports on your system with known security issues. Also, if installed, it
will will warn you if you try to install a port with such issues, and
prompt you to update your ports tree.


	Svein Halvor


--------------enigBFB96DFC77B410168335EE10
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)
Comment: mailto:pgpkey@svein.halvorsen.cc to get my PGP-key

iD8DBQFEzIFhhQg3vZGYu0ARArbVAJ9GA+8yJJbXin3OaOdTWEWr4irlcQCgp1nI
llD2xsKYLgJm7fhkY2DRjMM=
=+qek
-----END PGP SIGNATURE-----

--------------enigBFB96DFC77B410168335EE10--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44CC815D.1080102>