cvs commit: ports/security/vuxml vuln.xml
Sergey Matveychuk
sem at FreeBSD.org
Sun Jul 30 15:47:58 UTC 2006
Simon L. Nielsen wrote:
> On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote:
>> Simon L. Nielsen wrote:
>>> simon 2006-07-28 21:59:23 UTC
>>>
>>> FreeBSD ports repository
>>>
>>> Modified files:
>>> security/vuxml vuln.xml
>>> Log:
>>> Document apache -- mod_rewrite ldap buffer overflow vulnerability.
>>>
>>> Thanks to remko for doing initial list of apache package names in an
>>> earlier VuXML entry.
>>>
>>> Revision Changes Path
>>> 1.1085 +100 -1 ports/security/vuxml/vuln.xml
>> Simon, looks like you use wrong comparing operator tags in the entry.
>> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be
>> <gt>, not <ge>.
>
> I'm pretty sure they are correct since those versions are affected.
> From [1]:
>
> An off-by-one flaw exists in the Rewrite module, mod_rewrite,
> as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and
> 2.2 since 2.2.0.
>
> [1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
>
Oh, sorry, I'm wrong.
--
Dixi.
Sem.
More information about the cvs-all
mailing list