Re: Is apache24-2.4.54 vulnerable ?

From: Masachika ISHIZUKA <ish_at_amail.plala.or.jp>
Date: Fri, 10 Jun 2022 12:16:15 UTC
> seems to be tagged so by vulnxml, but all this CVE are addressed and
> fixed  by 2.4.54 (https://downloads.apache.org/httpd/CHANGES_2.4.54)
> 
>>>> % pkg audit -F
>>>> vulnxml file up-to-date
>>>> apache24-2.4.54 is vulnerable:
>>>>
  [snip]
>>
>> vuln-2022.xml:
>>    <affects>
>>      <package>
>>      <name>apache24</name>
>>      <range><lt>2.5.54</lt></range>   <------- 2.4.54 ???
>>      </package> ~~~~~~
>>    </affects>

  Thank you for reply.

  vulnxml was fixed by 0bb1abdb20498df239e15e7f9e9eec33e2eec499.
-- 
Masachika ISHIZUKA