Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 30 Jul 2006 19:47:19 +0400
From:      Sergey Matveychuk <sem@FreeBSD.org>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <44CCD487.7090306@FreeBSD.org>
In-Reply-To: <20060730154217.GF1116@zaphod.nitro.dk>
References:  <200607282159.k6SLxNOX000898@repoman.freebsd.org> <44CCD110.7080801@FreeBSD.org> <20060730154217.GF1116@zaphod.nitro.dk>

next in thread | previous in thread | raw e-mail | index | archive | help
Simon L. Nielsen wrote:
> On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote:
>> Simon L. Nielsen wrote:
>>> simon       2006-07-28 21:59:23 UTC
>>>
>>>   FreeBSD ports repository
>>>
>>>   Modified files:
>>>     security/vuxml       vuln.xml 
>>>   Log:
>>>   Document apache -- mod_rewrite ldap buffer overflow vulnerability.
>>>   
>>>   Thanks to remko for doing initial list of apache package names in an
>>>   earlier VuXML entry.
>>>   
>>>   Revision  Changes    Path
>>>   1.1085    +100 -1    ports/security/vuxml/vuln.xml
>> Simon, looks like you use wrong comparing operator tags in the entry.
>> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be
>> <gt>, not <ge>.
> 
> I'm pretty sure they are correct since those versions are affected.
> From [1]:
> 
> 	An off-by-one flaw exists in the Rewrite module, mod_rewrite,
> 	as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and
> 	2.2 since 2.2.0.
> 
> [1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
> 

Oh, sorry, I'm wrong.

-- 
Dixi.
Sem.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44CCD487.7090306>