cvs commit: ports/security/vuxml vuln.xml
Doug Barton
dougb at FreeBSD.org
Thu Sep 1 23:52:16 UTC 2011
On 09/01/2011 12:47, Chris Rees wrote:
> On 1 September 2011 20:42, Andrey Chernov <ache at freebsd.org> wrote:
>> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
>>> crees 2011-09-01 19:06:27 UTC
>>>
>>> FreeBSD ports repository
>>>
>>> Modified files:
>>> security/vuxml vuln.xml
>>> Log:
>>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
>>>
>>
>> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
>> 1.3 _is_ affected and there will be no fix for 1.3:
>> "Note that, while popular, Apache 1.3 is deprecated." (from
>> announce at httpd advisory about ranges bug).
>>
>
> Yeah, there's an update from yesterday at
>
> https://people.apache.org/~dirkx/CVE-2011-3192.txt
>
> Perhaps I should have put the link rather than the CVE name, sorry.
>
> Although there's a problem with apache13, it's no longer a
> showstopper, just causes slowdowns.
Isn't encouraging people to move away from 1.3 a good thing, regardless?
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the cvs-all
mailing list