ports/72161: vuln.xml bug - CAN-2004-0492 vulnerability was fixed already in apache-1.3.31_1.
KOJIMA Hajime
kjm at rins.ryukoku.ac.jp
Wed Sep 29 02:40:27 UTC 2004
>Number: 72161
>Category: ports
>Synopsis: vuln.xml bug - CAN-2004-0492 vulnerability was fixed already in apache-1.3.31_1.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 29 02:40:26 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: KOJIMA Hajime
>Release: FreeBSD 4.8-RELEASE-p24 i386
>Organization:
Ryukoku University
>Environment:
System: FreeBSD ideon.st.ryukoku.ac.jp 4.8-RELEASE-p24 FreeBSD 4.8-RELEASE-p24 #5: Sat Jul 17 01:39:47 JST 2004 kjm at ideon.st.ryukoku.ac.jp:/usr/obj/usr/src/sys/IDEON-48 i386
>Description:
portaudit: apache -- heap overflow in mod_proxy
http://www.FreeBSD.org/ports/portaudit/ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93.html
shows as "Affects: apache <=1.3.31_6", but
CAN-2004-0492 vulnerability was fixed already in apache-1.3.31_1.
portaudit uses this data, and I cannot install "www/apache13" port.
>How-To-Repeat:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache13/Makefile?rev=1.151&content-type=text/x-cvsweb-markup
>Fix:
change vuln.xml from:
<vuln vid="ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93">
<topic>apache -- heap overflow in mod_proxy</topic>
<affects>
<package>
<name>apache</name>
<range><le>1.3.31_6</le></range>
</package>
</affects>
to:
<vuln vid="ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93">
<topic>apache -- heap overflow in mod_proxy</topic>
<affects>
<package>
<name>apache</name>
<range><lt>1.3.31_1</lt></range>
</package>
</affects>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list