Apache 2.2.22 vuln

Philip M. Gollucci pgollucci at p6m7g8.com
Thu Aug 2 02:30:15 UTC 2012


Sorry, Wesley, E-notime.  However, I'read and agree with your patch.  Go
head.
I would actually mark www/apache20 as forbidden every should be on
www/apache22 anyway.
Esp with the hopeful drop of www/apache24 sometime.

Thanks for the work though.


On Thu, Aug 2, 2012 at 2:28 AM, Wesley Shields <wxs at freebsd.org> wrote:

> On Wed, Aug 01, 2012 at 11:48:02AM -0400, Dan Langille wrote:
> > This post to apache@ seems to indicate that Apache 2.2.22 is vulnerable
> >
> >
> > http://lists.freebsd.org/pipermail/freebsd-apache/2012-June/002778.html
>
> Would someone from apache@ please commit the patch at [1] to
> www/apache22. I will be committing a VuXML about this. I will also be
> marking www/apache20 as vulnerable because AFAIK it is but there's no
> official patch for it. If I don't see it committed by Friday evening
> (GMT-5) I will just do it myself.
>
> [1]:
>
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/envvars-std.in?r1=421103&r2=1341651
>
> -- WXS
> _______________________________________________
> freebsd-apache at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-apache
> To unsubscribe, send any mail to "freebsd-apache-unsubscribe at freebsd.org"
>



-- 
---------------------------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
Member,                           Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Director Operations,      Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.


More information about the freebsd-apache mailing list