Date: Sat, 6 Apr 2002 14:42:16 -0800 From: "Kurt Seifried" <listuser@seifried.org> To: "Barney Wolff" <barney@databus.com>, <security@FreeBSD.ORG> Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:01 Message-ID: <005201c1ddbc$4dc54a90$1400020a@chaser> References: <200204051512.g35FCOr11637@freefall.freebsd.org> <20020406143243.A8409@tp.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
not yet fixed in ports (i.e. ports tree hasn't been updated). Source code updates are available for all the problems except for netscape/acroread. Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ ----- Original Message ----- From: "Barney Wolff" <barney@databus.com> To: <security@FreeBSD.ORG> Sent: Saturday, April 06, 2002 11:32 AM Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:01 > I don't understand the status of "Not yet fixed." The advisory says > mod_ssl versions < 2.8.7 have the bug, while 2.8.8 is the port > distfile as of 3/28/02. What am I missing? > > On Fri, Apr 05, 2002 at 07:12:24AM -0800, FreeBSD Security Advisories wrote: > > +------------------------------------------------------------------------+ > > Port name: apache13-ssl, apache13-modssl > > Affected: all versions of apache+ssl > > all versions of apache+mod_ssl > > Status: Not yet fixed. > > Buffer overflows in SSL session cache handling. > > <URL:http://www.apache-ssl.org/advisory-20020301.txt>; > > <URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html>; > > -- > Barney Wolff > I never met a computer I didn't like. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005201c1ddbc$4dc54a90$1400020a>