Date: Tue, 9 Apr 2002 10:12:03 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> To: Barney Wolff <barney@databus.com> Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:01 Message-ID: <20020409151202.GE19961@madman.nectar.cc> In-Reply-To: <20020406143243.A8409@tp.databus.com> References: <200204051512.g35FCOr11637@freefall.freebsd.org> <20020406143243.A8409@tp.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Apr 06, 2002 at 02:32:43PM -0500, Barney Wolff wrote: > I don't understand the status of "Not yet fixed." The advisory says > mod_ssl versions < 2.8.7 have the bug, while 2.8.8 is the port > distfile as of 3/28/02. What am I missing? > > On Fri, Apr 05, 2002 at 07:12:24AM -0800, FreeBSD Security Advisories wrote: > > +------------------------------------------------------------------------+ > > Port name: apache13-ssl, apache13-modssl > > Affected: all versions of apache+ssl > > all versions of apache+mod_ssl > > Status: Not yet fixed. > > Buffer overflows in SSL session cache handling. > > <URL:http://www.apache-ssl.org/advisory-20020301.txt>; > > <URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html>; You aren't missing anything. The port was updated while the notice was undergoing review, and the new version was missed. Revisions to the security notice will follow as ports are fixed. Cheers, -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020409151202.GE19961>