From owner-cvs-all@FreeBSD.ORG  Sun Jul 30 15:42:23 2006
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 18A3516A4DA;
	Sun, 30 Jul 2006 15:42:23 +0000 (UTC)
	(envelope-from simon@zaphod.nitro.dk)
Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7A21D43D45;
	Sun, 30 Jul 2006 15:42:21 +0000 (GMT)
	(envelope-from simon@zaphod.nitro.dk)
Received: from zaphod.nitro.dk (unknown [192.168.3.39])
	by mx.nitro.dk (Postfix) with ESMTP id 23E822D6C23;
	Sun, 30 Jul 2006 15:42:19 +0000 (UTC)
Received: by zaphod.nitro.dk (Postfix, from userid 3000)
	id 91EC31141D; Sun, 30 Jul 2006 17:42:18 +0200 (CEST)
Date: Sun, 30 Jul 2006 17:42:18 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Sergey Matveychuk <sem@FreeBSD.org>
Message-ID: <20060730154217.GF1116@zaphod.nitro.dk>
References: <200607282159.k6SLxNOX000898@repoman.freebsd.org>
	<44CCD110.7080801@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <44CCD110.7080801@FreeBSD.org>
User-Agent: Mutt/1.5.11
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Jul 2006 15:42:23 -0000

On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote:
> Simon L. Nielsen wrote:
> > simon       2006-07-28 21:59:23 UTC
> > 
> >   FreeBSD ports repository
> > 
> >   Modified files:
> >     security/vuxml       vuln.xml 
> >   Log:
> >   Document apache -- mod_rewrite ldap buffer overflow vulnerability.
> >   
> >   Thanks to remko for doing initial list of apache package names in an
> >   earlier VuXML entry.
> >   
> >   Revision  Changes    Path
> >   1.1085    +100 -1    ports/security/vuxml/vuln.xml
> 
> Simon, looks like you use wrong comparing operator tags in the entry.
> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be
> <gt>, not <ge>.

I'm pretty sure they are correct since those versions are affected.
>From [1]:

	An off-by-one flaw exists in the Rewrite module, mod_rewrite,
	as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and
	2.2 since 2.2.0.

[1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955

-- 
Simon L. Nielsen