Re: Is apache24-2.4.54 vulnerable ?

From: Peter Blok <pblok_at_bsd4all.org>
Date: Fri, 10 Jun 2022 14:36:16 UTC
I think the question is this a typo in the vuln-2022.xml, because the changelog shows the CVE are fixed in 2.4.54



> On 10 Jun 2022, at 15:20, Wall, Stephen <stephen.wall@redcom.com> wrote:
> 
>> vuln-2022.xml:
>>  <affects>
>>    <package>
>>    <name>apache24</name>
>>    <range><lt>2.5.54</lt></range>   <------- 2.4.54 ???
>>    </package> ~~~~~~
>>  </affects>
>> --
>> Masachika ISHIZUKA
> 
> `<lt>` indicates it affects versions less than 2.5.54.
> 
> 
> -spw