From owner-cvs-ports@FreeBSD.ORG Fri Sep 2 07:32:19 2011 Return-Path: Delivered-To: cvs-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C64BE106566B; Fri, 2 Sep 2011 07:32:19 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 56E2F8FC12; Fri, 2 Sep 2011 07:32:19 +0000 (UTC) Received: by iadx2 with SMTP id x2so3713875iad.13 for ; Fri, 02 Sep 2011 00:32:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=HzAGbjLcotwoNniflp7nj1U08fTsaCPjR3H0nUo3+9s=; b=mA1ld/kmjMt+Lvv5/eIa0CdNpi9zXM/HBUgGQGhRbisnlzAWBNK8yfkN5LaDchzJ4l xPYx8+hpKMgEUutF67tf08D5GNro1z3t3VK9ZXPHyktF/JbwrI4XqKSLyLOEPZt3yVnz mVY5DvxQzJoj63T5G83B0UzCMIXnQ9TVkBbQo= MIME-Version: 1.0 Received: by 10.231.66.85 with SMTP id m21mr1449895ibi.53.1314948738564; Fri, 02 Sep 2011 00:32:18 -0700 (PDT) Sender: utisoft@gmail.com Received: by 10.231.61.148 with HTTP; Fri, 2 Sep 2011 00:32:18 -0700 (PDT) Received: by 10.231.61.148 with HTTP; Fri, 2 Sep 2011 00:32:18 -0700 (PDT) In-Reply-To: <4E601AAB.90903@FreeBSD.org> References: <201109011906.p81J6RVU069402@repoman.freebsd.org> <20110901194253.GA84679@vniz.net> <4E601AAB.90903@FreeBSD.org> Date: Fri, 2 Sep 2011 08:32:18 +0100 X-Google-Sender-Auth: aSa_R82RfP40CkviHHjQYF21giI Message-ID: From: Chris Rees To: Doug Barton Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: cvs-ports@freebsd.org, Andrey Chernov , cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Sep 2011 07:32:20 -0000 On 2 Sep 2011 00:52, "Doug Barton" wrote: > > On 09/01/2011 12:47, Chris Rees wrote: > > On 1 September 2011 20:42, Andrey Chernov wrote: > >> On Thu, Sep 01, 2011 at 07:06:27PM +0000, Chris Rees wrote: > >>> crees 2011-09-01 19:06:27 UTC > >>> > >>> FreeBSD ports repository > >>> > >>> Modified files: > >>> security/vuxml vuln.xml > >>> Log: > >>> Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected. > >>> > >> > >> According to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 > >> 1.3 _is_ affected and there will be no fix for 1.3: > >> "Note that, while popular, Apache 1.3 is deprecated." (from > >> announce@httpd advisory about ranges bug). > >> > > > > Yeah, there's an update from yesterday at > > > > https://people.apache.org/~dirkx/CVE-2011-3192.txt > > > > Perhaps I should have put the link rather than the CVE name, sorry. > > > > Although there's a problem with apache13, it's no longer a > > showstopper, just causes slowdowns. > > Isn't encouraging people to move away from 1.3 a good thing, regardless? I don't see how exaggerating a problem and giving apache13 users perpetual daily whines from portaudit is constructive or fair. Chris