From owner-cvs-all@FreeBSD.ORG Sun Jul 30 15:47:58 2006
Return-Path:
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 7A48A16A625;
    Sun, 30 Jul 2006 15:47:58 +0000 (UTC) (envelope-from sem@FreeBSD.org)
Received: from mail.ciam.ru (ns.ciam.ru [213.247.195.75])
    by mx1.FreeBSD.org (Postfix) with ESMTP id CC32A43D7C;
    Sun, 30 Jul 2006 15:47:52 +0000 (GMT) (envelope-from sem@FreeBSD.org)
Received: from [87.240.16.199] (helo=[192.168.0.4])
    by mail.ciam.ru with esmtpa (Exim 4.x) id 1G7DWB-000L5A-Vq;
    Sun, 30 Jul 2006 19:47:52 +0400
Message-ID: <44CCD487.7090306@FreeBSD.org>
Date: Sun, 30 Jul 2006 19:47:19 +0400
From: Sergey Matveychuk
User-Agent: Thunderbird 1.5.0.5 (X11/20060729)
MIME-Version: 1.0
To: "Simon L. Nielsen"
References: <200607282159.k6SLxNOX000898@repoman.freebsd.org> <44CCD110.7080801@FreeBSD.org> <20060730154217.GF1116@zaphod.nitro.dk>
In-Reply-To: <20060730154217.GF1116@zaphod.nitro.dk>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 30 Jul 2006 15:47:58 -0000

Simon L. Nielsen wrote:
> On 2006.07.30 19:32:32 +0400, Sergey Matveychuk wrote:
>> Simon L. Nielsen wrote:
>>> simon 2006-07-28 21:59:23 UTC
>>>
>>> FreeBSD ports repository
>>>
>>> Modified files:
>>> security/vuxml vuln.xml
>>> Log:
>>> Document apache -- mod_rewrite ldap buffer overflow vulnerability.
>>>
>>> Thanks to remko for doing initial list of apache package names in an
>>> earlier VuXML entry.
>>>
>>> Revision Changes Path
>>> 1.1085 +100 -1 ports/security/vuxml/vuln.xml
>> Simon, looks like you use wrong comparing operator tags in the entry.
>> 1.3.28, 2.0.46 and 2.2.0 are not affected versions, so here should be
>> , not .
>
> I'm pretty sure they are correct since those versions are affected.
> From [1]:
>
> An off-by-one flaw exists in the Rewrite module, mod_rewrite,
> as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and
> 2.2 since 2.2.0.
>
> [1] http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
>

Oh, sorry, I'm wrong.

--
Dixi.
Sem.