Date: Thu, 28 Jul 2005 18:16:26 +0900 (JST) From: KOMATSU Shinichiro <koma2@lovepeers.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/84214: security/vuxml: entry for apache http request smuggling is incorrect Message-ID: <20050728091626.03A6756508@ksta.ms.u-tokyo.ac.jp> Resent-Message-ID: <200507280920.j6S9KIAo085420@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 84214
>Category: ports
>Synopsis: security/vuxml: entry for apache http request smuggling is incorrect
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 28 09:20:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 5.4-RELEASE-p5 i386
>Organization:
>Environment:
FreeBSD 5.4-RELEASE-p5 i386
>Description:
Cannot build www/apache2 with the following error,
even if www/apache2 was updated to the latest (apache-2.0.54_2):
% cd /usr/ports/www/apache2
% make install
...(snip)...
===> apache-2.0.54_2 has known vulnerabilities:
=> apache -- http request smuggling.
Reference: <http://www.FreeBSD.org/ports/portaudit/651996e0-fe07-11d9-8329-000e0c2e438a.html>;
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/local/ports/www/apache2.
>How-To-Repeat:
>Fix:
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.751
diff -u -r1.751 vuln.xml
--- vuln.xml 28 Jul 2005 04:22:14 -0000 1.751
+++ vuln.xml 28 Jul 2005 07:57:28 -0000
@@ -38,7 +38,7 @@
<package>
<name>apache</name>
<range><lt>2.0.54_1</lt></range>
- <range><lt>2.1.6_1</lt></range>
+ <range><ge>2.1.*</ge><lt>2.1.6_1</lt></range>
</package>
<package>
<name>apache+ipv6</name>
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050728091626.03A6756508>