Date: Fri, 2 Sep 2011 08:32:18 +0100 From: Chris Rees <crees@freebsd.org> To: Doug Barton <dougb@freebsd.org> Cc: cvs-ports@freebsd.org, Andrey Chernov <ache@freebsd.org>, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <CADLo83-RkfSv-5mPyz74x1_D-vJFpQX5xif5N%2BShBY7Fe1MSvg@mail.gmail.com> In-Reply-To: <4E601AAB.90903@FreeBSD.org> References: <201109011906.p81J6RVU069402@repoman.freebsd.org> <20110901194253.GA84679@vniz.net> <CADLo838Pa6zCtAaw94xE2mQcNY-4yCNDiszOXUy6QYWXJHdhrg@mail.gmail.com> <4E601AAB.90903@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 Sep 2011 00:52, "Doug Barton" <dougb@freebsd.org> wrote: > > On 09/01/2011 12:47, Chris Rees wrote: > > On 1 September 2011 20:42, Andrey Chernov <ache@freebsd.org> wrote: > >> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote: > >>> crees 2011-09-01 19:06:27 UTC > >>> > >>> FreeBSD ports repository > >>> > >>> Modified files: > >>> security/vuxml vuln.xml > >>> Log: > >>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected. > >>> > >> > >> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 > >> 1.3 _is_ affected and there will be no fix for 1.3: > >> "Note that, while popular, Apache 1.3 is deprecated." (from > >> announce@httpd advisory about ranges bug). > >> > > > > Yeah, there's an update from yesterday at > > > > https://people.apache.org/~dirkx/CVE-2011-3192.txt > > > > Perhaps I should have put the link rather than the CVE name, sorry. > > > > Although there's a problem with apache13, it's no longer a > > showstopper, just causes slowdowns. > > Isn't encouraging people to move away from 1.3 a good thing, regardless? I don't see how exaggerating a problem and giving apache13 users perpetual daily whines from portaudit is constructive or fair. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo83-RkfSv-5mPyz74x1_D-vJFpQX5xif5N%2BShBY7Fe1MSvg>