Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 1 Sep 2011 20:47:19 +0100
From:      Chris Rees <crees@freebsd.org>
To:        Andrey Chernov <ache@freebsd.org>, Chris Rees <crees@freebsd.org>, ports-committers@freebsd.org, cvs-ports@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com>
In-Reply-To: <20110901194253.GA84679@vniz.net>
References:  <201109011906.p81J6RVU069402@repoman.freebsd.org> <20110901194253.GA84679@vniz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 1 September 2011 20:42, Andrey Chernov <ache@freebsd.org> wrote:
> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
>> crees =A0 =A0 =A0 2011-09-01 19:06:27 UTC
>>
>> =A0 FreeBSD ports repository
>>
>> =A0 Modified files:
>> =A0 =A0 security/vuxml =A0 =A0 =A0 vuln.xml
>> =A0 Log:
>> =A0 Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
>>
>
> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2011-319=
2
> 1.3 _is_ affected and there will be no fix for 1.3:
> "Note that, while popular, Apache 1.3 is deprecated." (from
> announce@httpd advisory about ranges bug).
>

Yeah, there's an update from yesterday at

https://people.apache.org/~dirkx/CVE-2011-3192.txt

Perhaps I should have put the link rather than the CVE name, sorry.

Although there's a problem with apache13, it's no longer a
showstopper, just causes slowdowns.

Chris



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg>