cvs commit: ports/security/vuxml vuln.xml
Chris Rees
crees at freebsd.org
Thu Sep 1 19:47:50 UTC 2011
On 1 September 2011 20:42, Andrey Chernov <ache at freebsd.org> wrote:
> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
>> crees 2011-09-01 19:06:27 UTC
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> security/vuxml vuln.xml
>> Log:
>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
>>
>
> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
> 1.3 _is_ affected and there will be no fix for 1.3:
> "Note that, while popular, Apache 1.3 is deprecated." (from
> announce at httpd advisory about ranges bug).
>
Yeah, there's an update from yesterday at
https://people.apache.org/~dirkx/CVE-2011-3192.txt
Perhaps I should have put the link rather than the CVE name, sorry.
Although there's a problem with apache13, it's no longer a
showstopper, just causes slowdowns.
Chris
More information about the cvs-ports
mailing list