ports/156997: www/apache22 is vulnerable
ohauer at gmx.de
Fri May 13 20:29:34 UTC 2011
On 2011-05-13 11:22, Jeremy Chadwick wrote:
> On Fri, May 13, 2011 at 09:10:29AM +0000, edwin at FreeBSD.org wrote:
>> Synopsis: www/apache22 is vulnerable
>> Responsible-Changed-From-To: freebsd-ports-bugs->apache
>> Responsible-Changed-By: edwin
>> Responsible-Changed-When: Fri May 13 09:10:28 UTC 2011
>> Over to maintainer (via the GNATS Auto Assign Tool)
> Note: this should probably be modified to refer to devel/apr* (I'm not
> sure which port; apr0, apr1, or apr2 -- or maybe all of them), which is
> what the Apache port relies on.
> The security hole appears to be in apr_fnmatch(), so ultimately what
> needs to be fixed is/are the apr port(s).
yes, this issue is apr1 related.
I just start working on a patch for the update of apr1 and apache22.
More information about the freebsd-apache