Hi all, There has been another vulnerability [1] discovered in apache2. This affects only version 2.0.51 (where it was introduced). The ports tree is frozen, pending 5.3-R, so I assume that an update of the apache2 port to 2.0.52 is not forthcoming any time soon. The question is this -- since the apache2 in the ports tree is 2.0.50 plus patches, does the version in the ports tree have this vulnerability? It seems that it only would if the patches to 2.0.50 introduced the vulnerability... Does anyone know? Thanks! --eli -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 224 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20040930/78bae5c2/attachment.bin
no. you can tell by PORTVERSION in the Makefile. On Thu, Sep 30, 2004 at 01:45:16PM -0700, Eli Dart wrote:> Hi all, > > There has been another vulnerability [1] discovered in apache2. This > affects only version 2.0.51 (where it was introduced). The ports > tree is frozen, pending 5.3-R, so I assume that an update of the > apache2 port to 2.0.52 is not forthcoming any time soon. > > The question is this -- since the apache2 in the ports tree is 2.0.50 > plus patches, does the version in the ports tree have this > vulnerability? It seems that it only would if the patches to 2.0.50 > introduced the vulnerability... Does anyone know? > > Thanks! > > --eli > > > >-- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/
Apparently Analagous Threads
- Mozilla 1.0.4 security update (Just install it, will keep all settings) + Important note from me,please read,those uninterested,please dont flame ;)
- OpenSSH-portable <= 3.6.1p1 bug?
- Found security expliot in port phpBB 2.0.8 FreeBSD4.10
- openssh
- PAM fails to change user password