From owner-cvs-all@FreeBSD.ORG  Thu Sep  1 23:52:15 2011
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by hub.freebsd.org (Postfix) with ESMTP id D9733106564A;
	Thu,  1 Sep 2011 23:52:15 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org
	[IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id 3619015044A;
	Thu,  1 Sep 2011 23:52:13 +0000 (UTC)
Message-ID: <4E601AAB.90903@FreeBSD.org>
Date: Thu, 01 Sep 2011 16:52:11 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:6.0.1) Gecko/20110901 Thunderbird/6.0.1
MIME-Version: 1.0
To: Chris Rees <crees@freebsd.org>
References: <201109011906.p81J6RVU069402@repoman.freebsd.org>
	<20110901194253.GA84679@vniz.net>
	<CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com>
In-Reply-To: <CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com>
X-Enigmail-Version: undefined
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: cvs-ports@freebsd.org, Andrey Chernov <ache@freebsd.org>,
	cvs-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2011 23:52:16 -0000

On 09/01/2011 12:47, Chris Rees wrote:
> On 1 September 2011 20:42, Andrey Chernov <ache@freebsd.org> wrote:
>> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
>>> crees       2011-09-01 19:06:27 UTC
>>>
>>>   FreeBSD ports repository
>>>
>>>   Modified files:
>>>     security/vuxml       vuln.xml
>>>   Log:
>>>   Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
>>>
>>
>> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
>> 1.3 _is_ affected and there will be no fix for 1.3:
>> "Note that, while popular, Apache 1.3 is deprecated." (from
>> announce@httpd advisory about ranges bug).
>>
> 
> Yeah, there's an update from yesterday at
> 
> https://people.apache.org/~dirkx/CVE-2011-3192.txt
> 
> Perhaps I should have put the link rather than the CVE name, sorry.
> 
> Although there's a problem with apache13, it's no longer a
> showstopper, just causes slowdowns.

Isn't encouraging people to move away from 1.3 a good thing, regardless?


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/