From owner-cvs-all@FreeBSD.ORG  Thu Sep  1 19:47:50 2011
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4F9B1106566C;
	Thu,  1 Sep 2011 19:47:50 +0000 (UTC)
	(envelope-from utisoft@gmail.com)
Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com
	[209.85.210.182])
	by mx1.freebsd.org (Postfix) with ESMTP id D9A688FC17;
	Thu,  1 Sep 2011 19:47:49 +0000 (UTC)
Received: by iadx2 with SMTP id x2so3003500iad.13
	for <multiple recipients>; Thu, 01 Sep 2011 12:47:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:sender:in-reply-to:references:from:date
	:x-google-sender-auth:message-id:subject:to:content-type
	:content-transfer-encoding;
	bh=cpbaJuFPh9IwqY84XfAo1QSDBQugk8HiFT3zx9eP60Q=;
	b=RCbB0a0P1am/Acn66A8IsFCopnVUicXbxODKCxxtGMSpPKTlryLoQSAZW8mY4aZjOD
	XfYdJInzJamrtTlOijWLOvDzr/RFE0YbjG4jOwcsTL54QOW1tY6hnZcW5R3D15dNy7d0
	8JE2D8txVvfv6ZHNskfO8n/Mi5xXD16M63e8E=
Received: by 10.231.66.85 with SMTP id m21mr393739ibi.53.1314906469104; Thu,
	01 Sep 2011 12:47:49 -0700 (PDT)
MIME-Version: 1.0
Sender: utisoft@gmail.com
Received: by 10.231.61.148 with HTTP; Thu, 1 Sep 2011 12:47:19 -0700 (PDT)
In-Reply-To: <20110901194253.GA84679@vniz.net>
References: <201109011906.p81J6RVU069402@repoman.freebsd.org>
	<20110901194253.GA84679@vniz.net>
From: Chris Rees <crees@freebsd.org>
Date: Thu, 1 Sep 2011 20:47:19 +0100
X-Google-Sender-Auth: U76Gbq9BlmTnNVitEMvLQa4xF7E
Message-ID: <CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com>
To: Andrey Chernov <ache@freebsd.org>, Chris Rees <crees@freebsd.org>,
	ports-committers@freebsd.org, cvs-ports@freebsd.org, cvs-all@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: 
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2011 19:47:50 -0000

On 1 September 2011 20:42, Andrey Chernov <ache@freebsd.org> wrote:
> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote:
>> crees =A0 =A0 =A0 2011-09-01 19:06:27 UTC
>>
>> =A0 FreeBSD ports repository
>>
>> =A0 Modified files:
>> =A0 =A0 security/vuxml =A0 =A0 =A0 vuln.xml
>> =A0 Log:
>> =A0 Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
>>
>
> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2011-319=
2
> 1.3 _is_ affected and there will be no fix for 1.3:
> "Note that, while popular, Apache 1.3 is deprecated." (from
> announce@httpd advisory about ranges bug).
>

Yeah, there's an update from yesterday at

https://people.apache.org/~dirkx/CVE-2011-3192.txt

Perhaps I should have put the link rather than the CVE name, sorry.

Although there's a problem with apache13, it's no longer a
showstopper, just causes slowdowns.

Chris