Date: Thu, 01 Sep 2011 16:52:11 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Chris Rees <crees@freebsd.org> Cc: cvs-ports@freebsd.org, Andrey Chernov <ache@freebsd.org>, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <4E601AAB.90903@FreeBSD.org> In-Reply-To: <CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com> References: <201109011906.p81J6RVU069402@repoman.freebsd.org> <20110901194253.GA84679@vniz.net> <CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/01/2011 12:47, Chris Rees wrote: > On 1 September 2011 20:42, Andrey Chernov <ache@freebsd.org> wrote: >> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote: >>> crees 2011-09-01 19:06:27 UTC >>> >>> FreeBSD ports repository >>> >>> Modified files: >>> security/vuxml vuln.xml >>> Log: >>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected. >>> >> >> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 >> 1.3 _is_ affected and there will be no fix for 1.3: >> "Note that, while popular, Apache 1.3 is deprecated." (from >> announce@httpd advisory about ranges bug). >> > > Yeah, there's an update from yesterday at > > https://people.apache.org/~dirkx/CVE-2011-3192.txt > > Perhaps I should have put the link rather than the CVE name, sorry. > > Although there's a problem with apache13, it's no longer a > showstopper, just causes slowdowns. Isn't encouraging people to move away from 1.3 a good thing, regardless? Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E601AAB.90903>