Date: Thu, 28 Jul 2005 18:16:26 +0900 (JST) From: KOMATSU Shinichiro <koma2@lovepeers.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/84214: security/vuxml: entry for apache http request smuggling is incorrect Message-ID: <20050728091626.03A6756508@ksta.ms.u-tokyo.ac.jp> Resent-Message-ID: <200507280920.j6S9KIAo085420@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 84214 >Category: ports >Synopsis: security/vuxml: entry for apache http request smuggling is incorrect >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 28 09:20:18 GMT 2005 >Closed-Date: >Last-Modified: >Originator: KOMATSU Shinichiro >Release: FreeBSD 5.4-RELEASE-p5 i386 >Organization: >Environment: FreeBSD 5.4-RELEASE-p5 i386 >Description: Cannot build www/apache2 with the following error, even if www/apache2 was updated to the latest (apache-2.0.54_2): % cd /usr/ports/www/apache2 % make install ...(snip)... ===> apache-2.0.54_2 has known vulnerabilities: => apache -- http request smuggling. Reference: <http://www.FreeBSD.org/ports/portaudit/651996e0-fe07-11d9-8329-000e0c2e438a.html> => Please update your ports tree and try again. *** Error code 1 Stop in /usr/local/ports/www/apache2. >How-To-Repeat: >Fix: Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.751 diff -u -r1.751 vuln.xml --- vuln.xml 28 Jul 2005 04:22:14 -0000 1.751 +++ vuln.xml 28 Jul 2005 07:57:28 -0000 @@ -38,7 +38,7 @@ <package> <name>apache</name> <range><lt>2.0.54_1</lt></range> - <range><lt>2.1.6_1</lt></range> + <range><ge>2.1.*</ge><lt>2.1.6_1</lt></range> </package> <package> <name>apache+ipv6</name> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050728091626.03A6756508>