From owner-freebsd-apache@FreeBSD.ORG Thu Aug 2 02:30:15 2012 Return-Path: Delivered-To: apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFA6B106564A for ; Thu, 2 Aug 2012 02:30:15 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6546C8FC0A for ; Thu, 2 Aug 2012 02:30:15 +0000 (UTC) Received: by qcsg15 with SMTP id g15so6088200qcs.13 for ; Wed, 01 Aug 2012 19:30:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=JmKBXhVlQjFoixhdLrZ6ioYcmI0apf3KzvVU8nYTwmg=; b=LnZoII7L02DRy4PeqcK/jaCILiXccdCBPrF4dZbD7NfGsCNLijJgPVQ/FaWYkVDfis aQVhZKSY1Fd/84/NdfZqqsJwsqvhTA0YkZxVQC/AfBXVLQexIs2KsIasdn3YV+Q5Fmkf cwhG+Vddj4N+S1TLTCw3HwU16hJlGFPzA7dFPX7CaGbgUPxjJ662v6PttxENchBao1bZ pika4VUxOzsszOzWmHi0uWMWNfjDNvfH/CE4ve3hY36TkvkK9fw+NTRVro484ZL6J8cU oaCx+xLXqcZ3YYTMX+mE6V5aZ0bAVSZxaWZNhWzbY10oRi6a5bkatwGInY+oajs6Wn5X 1szA== MIME-Version: 1.0 Received: by 10.224.208.73 with SMTP id gb9mr22880941qab.53.1343874614441; Wed, 01 Aug 2012 19:30:14 -0700 (PDT) Received: by 10.49.16.4 with HTTP; Wed, 1 Aug 2012 19:30:14 -0700 (PDT) X-Originating-IP: [68.101.40.130] In-Reply-To: <20120802022815.GA11600@atarininja.org> References: <7c8467ef6164399c7fc1d11960768453@nyi.unixathome.org> <20120802022815.GA11600@atarininja.org> Date: Thu, 2 Aug 2012 02:30:14 +0000 Message-ID: From: "Philip M. Gollucci" To: Wesley Shields X-Gm-Message-State: ALoCoQlSS42ocxXs7lP04WKy8+Oukm49mTtCoPukncD1DDUo7DF0JLt+nwvJL/C8FqDluo5erTF9 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: ports-security@freebsd.org, apache@freebsd.org Subject: Re: Apache 2.2.22 vuln X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2012 02:30:15 -0000 Sorry, Wesley, E-notime. However, I'read and agree with your patch. Go head. I would actually mark www/apache20 as forbidden every should be on www/apache22 anyway. Esp with the hopeful drop of www/apache24 sometime. Thanks for the work though. On Thu, Aug 2, 2012 at 2:28 AM, Wesley Shields wrote: > On Wed, Aug 01, 2012 at 11:48:02AM -0400, Dan Langille wrote: > > This post to apache@ seems to indicate that Apache 2.2.22 is vulnerable > > > > > > http://lists.freebsd.org/pipermail/freebsd-apache/2012-June/002778.html > > Would someone from apache@ please commit the patch at [1] to > www/apache22. I will be committing a VuXML about this. I will also be > marking www/apache20 as vulnerable because AFAIK it is but there's no > official patch for it. If I don't see it committed by Friday evening > (GMT-5) I will just do it myself. > > [1]: > > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/envvars-std.in?r1=421103&r2=1341651 > > -- WXS > _______________________________________________ > freebsd-apache@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-apache > To unsubscribe, send any mail to "freebsd-apache-unsubscribe@freebsd.org" > -- --------------------------------------------------------------------------------------------- 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Director Operations, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.