From owner-freebsd-security@FreeBSD.ORG  Thu Sep 30 20:55:35 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1CAF716A514
	for <freebsd-security@freebsd.org>;
	Thu, 30 Sep 2004 20:55:33 +0000 (GMT)
Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180])
	by mx1.FreeBSD.org (Postfix) with SMTP id 891C643D3F
	for <freebsd-security@freebsd.org>;
	Thu, 30 Sep 2004 20:55:03 +0000 (GMT)
	(envelope-from sirmoo@cowbert.net)
Received: (qmail 72668 invoked by uid 1001); 30 Sep 2004 20:55:03 -0000
Date: Thu, 30 Sep 2004 16:55:03 -0400
From: "Peter C. Lai" <sirmoo@cowbert.net>
To: Eli Dart <dart@nersc.gov>
Message-ID: <20040930205503.GS243@cowbert.net>
References: <20040930204516.EB577F987@gemini.nersc.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040930204516.EB577F987@gemini.nersc.gov>
User-Agent: Mutt/1.5.6i
cc: freebsd-security@freebsd.org
Subject: Re: apache2 port
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Sep 2004 20:55:36 -0000

no. you can tell by PORTVERSION in the Makefile.

On Thu, Sep 30, 2004 at 01:45:16PM -0700, Eli Dart wrote:
> Hi all,
> 
> There has been another vulnerability [1] discovered in apache2.  This 
> affects only version 2.0.51 (where it was introduced).  The ports 
> tree is frozen, pending 5.3-R, so I assume that an update of the 
> apache2 port to 2.0.52 is not forthcoming any time soon.
> 
> The question is this -- since the apache2 in the ports tree is 2.0.50 
> plus patches, does the version in the ports tree have this 
> vulnerability?  It seems that it only would if the patches to 2.0.50 
> introduced the vulnerability...  Does anyone know?
> 
> Thanks!
> 
> 		--eli
> 
> 
> 
> 



-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/