cvs commit: ports/security/vuxml vuln.xml

Simon L. Nielsen simon at FreeBSD.org
Sun Jul 30 15:42:23 UTC 2006


On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote:
> Simon L. Nielsen wrote:
> > simon       2006-07-28 21:59:23 UTC
> > 
> >   FreeBSD ports repository
> > 
> >   Modified files:
> >     security/vuxml       vuln.xml 
> >   Log:
> >   Document apache -- mod_rewrite ldap buffer overflow vulnerability.
> >   
> >   Thanks to remko for doing initial list of apache package names in an
> >   earlier VuXML entry.
> >   
> >   Revision  Changes    Path
> >   1.1085    +100 -1    ports/security/vuxml/vuln.xml
> 
> Simon, looks like you use wrong comparing operator tags in the entry.
> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be
> <gt>, not <ge>.

I'm pretty sure they are correct since those versions are affected.
>From [1]:

	An off-by-one flaw exists in the Rewrite module, mod_rewrite,
	as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and
	2.2 since 2.2.0.

[1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955

-- 
Simon L. Nielsen


More information about the cvs-all mailing list