From nobody Thu Jun 09 23:15:07 2022 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8DA1483ABEF for ; Thu, 9 Jun 2022 23:15:26 +0000 (UTC) (envelope-from ish@amail.plala.or.jp) Received: from msc11.plala.or.jp (msc11.plala.or.jp [IPv6:2400:7800:0:502e::21]) by mx1.freebsd.org (Postfix) with ESMTP id 4LK0Lh5dQDz4byD for ; Thu, 9 Jun 2022 23:15:24 +0000 (UTC) (envelope-from ish@amail.plala.or.jp) Received: from localhost ([2400:4050:9320:7a00::8]) by msc11.plala.or.jp with ESMTP id <20220609231515.KVBN31769.msc11.plala.or.jp@localhost> for ; Fri, 10 Jun 2022 08:15:15 +0900 Date: Fri, 10 Jun 2022 08:15:07 +0900 (JST) Message-Id: <20220610.081507.1134393150579572029.ish@amail.plala.or.jp> To: freebsd-security@freebsd.org Subject: Is apache24-2.4.54 vulnerable ? From: Masachika ISHIZUKA X-Mailer: Mew version 6.8 on Emacs 28.1 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-VirusScan: Outbound; mvir-ac11; Fri, 10 Jun 2022 08:15:15 +0900 X-Rspamd-Queue-Id: 4LK0Lh5dQDz4byD X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of ish@amail.plala.or.jp designates 2400:7800:0:502e::21 as permitted sender) smtp.mailfrom=ish@amail.plala.or.jp X-Spamd-Result: default: False [0.84 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.985]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_NA(0.00)[plala.or.jp]; R_SPF_ALLOW(-0.20)[+ip6:2400:7800:0:502e::/60]; MID_CONTAINS_FROM(1.00)[]; NEURAL_SPAM_SHORT(0.52)[0.521]; MLMMJ_DEST(0.00)[freebsd-security]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:4713, ipnet:2400:7800::/32, country:JP]; SUBJECT_ENDS_QUESTION(1.00)[]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N % uname -a FreeBSD peach.ish.org 13.1-RELEASE FreeBSD 13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC amd64 % pkg audit -F vulnxml file up-to-date apache24-2.4.54 is vulnerable: Apache httpd -- Multiple vulnerabilities CVE: CVE-2022-26377 CVE: CVE-2022-28330 CVE: CVE-2022-28614 CVE: CVE-2022-28615 CVE: CVE-2022-29404 CVE: CVE-2022-30522 CVE: CVE-2022-30556 CVE: CVE-2022-31813 WWW: https://vuxml.FreeBSD.org/freebsd/49adfbe5-e7d1-11ec-8fbd-d4c9ef517024.html 1 problem(s) in 1 installed package(s) found. Is this report true for apache24-2.4.54 ? -- Masachika ISHIZUKA