cvs commit: ports/security/vuxml vuln.xml
Simon L. Nielsen
simon at FreeBSD.org
Sun Jul 30 15:42:23 UTC 2006
On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote:
> Simon L. Nielsen wrote:
> > simon 2006-07-28 21:59:23 UTC
> >
> > FreeBSD ports repository
> >
> > Modified files:
> > security/vuxml vuln.xml
> > Log:
> > Document apache -- mod_rewrite ldap buffer overflow vulnerability.
> >
> > Thanks to remko for doing initial list of apache package names in an
> > earlier VuXML entry.
> >
> > Revision Changes Path
> > 1.1085 +100 -1 ports/security/vuxml/vuln.xml
>
> Simon, looks like you use wrong comparing operator tags in the entry.
> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be
> <gt>, not <ge>.
I'm pretty sure they are correct since those versions are affected.
>From [1]:
An off-by-one flaw exists in the Rewrite module, mod_rewrite,
as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and
2.2 since 2.2.0.
[1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
--
Simon L. Nielsen
More information about the cvs-all
mailing list