cvs commit: ports/security/vuxml vuln.xml
Chris Rees
crees at freebsd.org
Fri Sep 2 07:32:20 UTC 2011
On 2 Sep 2011 00:52, "Doug Barton" <dougb at freebsd.org> wrote:
>
> On 09/01/2011 12:47, Chris Rees wrote:
> > On 1 September 2011 20:42, Andrey Chernov <ache at freebsd.org> wrote:
> >> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
> >>> crees 2011-09-01 19:06:27 UTC
> >>>
> >>> FreeBSD ports repository
> >>>
> >>> Modified files:
> >>> security/vuxml vuln.xml
> >>> Log:
> >>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
> >>>
> >>
> >> According to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
> >> 1.3 _is_ affected and there will be no fix for 1.3:
> >> "Note that, while popular, Apache 1.3 is deprecated." (from
> >> announce at httpd advisory about ranges bug).
> >>
> >
> > Yeah, there's an update from yesterday at
> >
> > https://people.apache.org/~dirkx/CVE-2011-3192.txt
> >
> > Perhaps I should have put the link rather than the CVE name, sorry.
> >
> > Although there's a problem with apache13, it's no longer a
> > showstopper, just causes slowdowns.
>
> Isn't encouraging people to move away from 1.3 a good thing, regardless?
I don't see how exaggerating a problem and giving apache13 users perpetual
daily whines from portaudit is constructive or fair.
Chris
More information about the cvs-ports
mailing list