Re: Is apache24-2.4.54 vulnerable ?
- Reply: Wall, Stephen: "RE: Is apache24-2.4.54 vulnerable ?"
- In reply to: moto kawasaki : "Re: Is apache24-2.4.54 vulnerable ?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 10 Jun 2022 00:54:48 UTC
>> % pkg audit -F >> vulnxml file up-to-date >> apache24-2.4.54 is vulnerable: >> Apache httpd -- Multiple vulnerabilities >> CVE: CVE-2022-26377 >> CVE: CVE-2022-28330 >> CVE: CVE-2022-28614 >> CVE: CVE-2022-28615 >> CVE: CVE-2022-29404 >> CVE: CVE-2022-30522 >> CVE: CVE-2022-30556 >> CVE: CVE-2022-31813 >> WWW: https://vuxml.FreeBSD.org/freebsd/49adfbe5-e7d1-11ec-8fbd-d4c9ef517024.html >> 1 problem(s) in 1 installed package(s) found. > > It seems like true for apache24-2.4.53 and prior, and fixed version is > ...2.4.54. > > See also Apache httpd's Security Reports page: > https://httpd.apache.org/security/vulnerabilities_24.html My question is that apache24-2.4.54 is shown vulnerable on security/vuxml 959028638c9e3236ab91a2d8865fb3893775a28a. vuln-2022.xml: <affects> <package> <name>apache24</name> <range><lt>2.5.54</lt></range> <------- 2.4.54 ??? </package> ~~~~~~ </affects> -- Masachika ISHIZUKA