From owner-freebsd-security  Wed Apr 10 23: 6:27 2002
Delivered-To: freebsd-security@freebsd.org
Received: from wiggle.seifried.org (h24-86-92-240.sbm.shawcable.net [24.86.92.240])
	by hub.freebsd.org (Postfix) with ESMTP id 52B0137B416
	for <security@FreeBSD.ORG>; Wed, 10 Apr 2002 23:06:21 -0700 (PDT)
Message-ID: <005201c1ddbc$4dc54a90$1400020a@chaser>
Reply-To: "Kurt Seifried" <listuser@seifried.org>
From: "Kurt Seifried" <listuser@seifried.org>
To: "Barney Wolff" <barney@databus.com>, <security@FreeBSD.ORG>
References: <200204051512.g35FCOr11637@freefall.freebsd.org> <20020406143243.A8409@tp.databus.com>
Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:01
Date: Sat, 6 Apr 2002 14:42:16 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

not yet fixed in ports (i.e. ports tree hasn't been updated). Source code
updates are available for all the problems except for netscape/acroread.


Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


----- Original Message -----
From: "Barney Wolff" <barney@databus.com>
To: <security@FreeBSD.ORG>
Sent: Saturday, April 06, 2002 11:32 AM
Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:01


> I don't understand the status of "Not yet fixed."  The advisory says
> mod_ssl versions < 2.8.7 have the bug, while 2.8.8 is the port
> distfile as of 3/28/02.  What am I missing?
>
> On Fri, Apr 05, 2002 at 07:12:24AM -0800, FreeBSD Security Advisories
wrote:
> >
+------------------------------------------------------------------------+
> > Port name:      apache13-ssl, apache13-modssl
> > Affected:       all versions of apache+ssl
> >                 all versions of apache+mod_ssl
> > Status:         Not yet fixed.
> > Buffer overflows in SSL session cache handling.
> > <URL:http://www.apache-ssl.org/advisory-20020301.txt>
> > <URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html>
>
> --
> Barney Wolff
> I never met a computer I didn't like.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message