From owner-freebsd-security@FreeBSD.ORG Thu Sep 30 20:45:20 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D85F416A4D3 for ; Thu, 30 Sep 2004 20:45:20 +0000 (GMT) Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id B72BA43D1F for ; Thu, 30 Sep 2004 20:45:20 +0000 (GMT) (envelope-from dart@nersc.gov) Received: by mx2.nersc.gov (Postfix, from userid 4002) id 7B8AA774C; Thu, 30 Sep 2004 13:45:20 -0700 (PDT) Received: from mx2.nersc.gov (localhost [127.0.0.1]) by localhost.nersc.gov (Postfix) with ESMTP id 5BA51775C for ; Thu, 30 Sep 2004 13:45:17 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 14B92774C for ; Thu, 30 Sep 2004 13:45:17 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id EB577F987 for ; Thu, 30 Sep 2004 13:45:16 -0700 (PDT) X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: freebsd-security@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1016627792P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Thu, 30 Sep 2004 13:45:16 -0700 From: Eli Dart Message-Id: <20040930204516.EB577F987@gemini.nersc.gov> X-Spam-Level: X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on mx2.nersc.gov Subject: apache2 port X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Sep 2004 20:45:21 -0000 --==_Exmh_-1016627792P Content-Type: text/plain; charset=us-ascii Hi all, There has been another vulnerability [1] discovered in apache2. This affects only version 2.0.51 (where it was introduced). The ports tree is frozen, pending 5.3-R, so I assume that an update of the apache2 port to 2.0.52 is not forthcoming any time soon. The question is this -- since the apache2 in the ports tree is 2.0.50 plus patches, does the version in the ports tree have this vulnerability? It seems that it only would if the patches to 2.0.50 introduced the vulnerability... Does anyone know? Thanks! --eli --==_Exmh_-1016627792P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQFBXHBcLTFEeF+CsrMRAjtmAJ9ClRARO8wY1TbRkr+pdhiGsEQf7ACfW8HO g4c92+XqeA75fQVTnuLu8i8= =XVxW -----END PGP SIGNATURE----- --==_Exmh_-1016627792P--