From owner-freebsd-ports@FreeBSD.ORG Wed Oct 20 17:34:26 2004
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6973F16A4CE; Wed, 20 Oct 2004 17:34:26 +0000 (GMT)
Received: from mail.struchtrup.de (mail.struchtrup.de [80.190.247.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id E696843D48; Wed, 20 Oct 2004 17:34:23 +0000 (GMT) (envelope-from seb@struchtrup.com)
Received: from dialin-145-254-091-090.arcor-ip.net ([145.254.91.90]) by mail.struchtrup.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.42 (FreeBSD)) id 1CKKNG-000Hdx-L2; Wed, 20 Oct 2004 17:35:47 +0000
Message-ID: <4176A1E0.6030205@struchtrup.com>
Date: Wed, 20 Oct 2004 19:35:28 +0200
From: Sebastian Schulze Struchtrup
User-Agent: Mozilla Thunderbird 0.6 (X11/20040517)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Simon L. Nielsen"
References: <004b01c4b68d$035a25a0$a064a8c0@grip.nl> <20041020110259.GA38790@zaphod.nitro.dk>
In-Reply-To: <20041020110259.GA38790@zaphod.nitro.dk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Struchtrup-MailScanner-Information: Please contact the ISP for more information
X-Struchtrup-MailScanner: Found to be clean
X-MailScanner-From: seb@struchtrup.com
cc: ports@FreeBSD.org
cc: Remy de Ruysscher - Grip MultiMedia
Subject: Re: FBSD ports Apache 1.32?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD
X-List-Received-Date: Wed, 20 Oct 2004 17:34:26 -0000

Simon L. Nielsen wrote:
> On 2004.10.20 12:10:23 +0200, Remy de Ruysscher - Grip MultiMedia wrote:
>
>> Hi,
>>
>> I was wondering when the FBSD Ports are updated to Apache 1.32?
>> There is a known vulnerability in Apache 1.31.
>>
>> http://xforce.iss.net/xforce/xfdb/17413
>>
>
> Well, the first requirement is that Apache 1.32 is released, which it
> isn't yet according to http://httpd.apache.org/download.cgi .
>

The described vulnerability is probably not really a serious problem. It
affects only the htpasswd utility and thus requires a local user to
exploit it. It is not set-uid. Many sites don't have any (untrusted) local
users, and it cannot be exploited by an HTTP request. If you worry about
this, you can delete it (but only if you don't need to change passwords).
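As an added example (not part of the mailing-list thread above, and not code from the Apache or FreeBSD projects), the following POSIX shell script checks the two facts the reply relies on for a local-only flaw in a helper such as htpasswd: that the binary carries no set-uid or set-gid bit, so a bug in it runs with nothing more than the invoking user's privileges, and, for sites that do have untrusted local users, it offers restricting the tool to its owner as a less drastic alternative to deleting it, so an administrator can still change passwords. The default path /usr/local/bin/htpasswd is an assumption about where the ports tree installs Apache's utilities; pass another path as the first argument if yours differs.

```shell
#!/bin/sh
# Added example, not from the thread or from Apache/FreeBSD. Audits a
# helper binary for the properties a "local user only" assessment rests on.
# Default path is an assumption (Apache installed from the ports tree).

# Succeeds (0) when $1 exists and has neither the set-uid nor the set-gid
# bit; returns 1 when either bit is set and 2 when the file is missing.
no_setid_bits() {
    f="$1"
    [ -e "$f" ] || return 2
    # test -u / test -g are POSIX: true when the set-uid / set-gid bit is set.
    if [ -u "$f" ] || [ -g "$f" ]; then
        return 1
    fi
    return 0
}

# Succeeds (0) when no permission bit is set for group or others on $1,
# i.e. only the file's owner can read or run it. Uses the fixed column
# layout of `ls -l` (columns 5-10 are the group and other permission bits).
owner_only() {
    f="$1"
    [ -e "$f" ] || return 2
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Alternative to removing the tool: keep it, but usable by its owner only.
# Returns chmod's status (0 on success), 2 if the file is missing.
restrict_to_owner() {
    f="$1"
    [ -e "$f" ] || return 2
    chmod 0700 "$f"
}

# Reports on one path and returns 0 (no set-id bits), 1 (set-id bit present)
# or 2 (not installed, so there is nothing for a local user to abuse).
audit_htpasswd() {
    f="${1:-/usr/local/bin/htpasswd}"
    if [ ! -e "$f" ]; then
        echo "$f: not installed"
        return 2
    elif no_setid_bits "$f"; then
        echo "$f: no set-uid/set-gid bit; a flaw in it yields only the caller's own privileges"
        if owner_only "$f"; then
            echo "$f: already restricted to its owner"
        else
            echo "$f: runnable by any local user; consider restrict_to_owner $f"
        fi
        return 0
    else
        echo "$f: WARNING: set-uid or set-gid bit is set; a local flaw would escalate privileges"
        return 1
    fi
}

# Usage: sh audit.sh [path-to-htpasswd]
if [ $# -gt 0 ]; then
    audit_htpasswd "$1"
fi
```

The audit only reads permission bits; `restrict_to_owner` is a separate step you run deliberately. Restricting the binary to root keeps password changes possible for the administrator while removing the one precondition the reply names for exploitation, a local user able to run it.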