update info on ports

Svein Halvor Halvorsen svein.h at lvor.halvorsen.cc
Sun Jul 30 09:51:15 UTC 2006


dick hoogendijk wrote:
> Normally I upgrade my ports if I see new versions.
> But now I have a question: I saw a new apache22 version (apache-2.2.2_1)
> but on the apache site I could not find anything related to security bugs
> or whatever. I *did* find a version 2.2.3 though (not yet in ports!)
> 
> So now I wonder, what is the difference of port apache-2.2.2 and the
> latest one "apache-2.2.2_1"
> Imho it should be nice to have some kind of info file in the port telling
> the reasons to upgrade. Does anyone know?
> Or should I just wait for apache-2.2.3 (can't be that long).
> 

You should check out freshports.org

	Fix security issue in mod_rewrite.
	All people using mod_rewrite are strongly encouraged to update.

	An off-by-one flaw exists in the Rewrite module, mod_rewrite.
	Depending on the manner in which Apache httpd was compiled, this
	software defect may result in a vulnerability which, in
	combination with certain types of Rewrite rules in the web
	server configuration files, could be triggered remotely.  For
	vulnerable builds, the nature of the vulnerability can be denial
	of service (crashing of web server processes) or potentially
	allow arbitrary code execution. This issue has been rated as
	having important security impact by the Apache HTTP Server
	Security Team

	Updates to latest versions will follow soon.


In addition to show changelogs for the ports, freshports also lets you
"watch" one or more ports and be pinged whenever there's a new version.

You should also install portaudit. This will give a list of installed
ports on your system with known security issues. Also, if installed, it
will will warn you if you try to install a port with such issues, and
prompt you to update your ports tree.


	Svein Halvor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060730/cda744b0/signature.pgp


More information about the freebsd-questions mailing list